Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
2012-08-27T23:55:02.383
2025-04-11T00:51:21.963
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:P/A:N
10.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | apache | qpid | ≤ 0.16 | Yes |
Application | apache | qpid | 0.5 | Yes |
Application | apache | qpid | 0.6 | Yes |
Application | apache | qpid | 0.14 | Yes |