The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
2013-03-14T03:10:22.530
2025-04-11T00:51:21.963
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | qpid | ≤ 0.20 | Yes |
| Application | apache | qpid | 0.5 | Yes |
| Application | apache | qpid | 0.6 | Yes |
| Application | apache | qpid | 0.7 | Yes |
| Application | apache | qpid | 0.8 | Yes |
| Application | apache | qpid | 0.9 | Yes |
| Application | apache | qpid | 0.10 | Yes |
| Application | apache | qpid | 0.11 | Yes |
| Application | apache | qpid | 0.12 | Yes |
| Application | apache | qpid | 0.13 | Yes |
| Application | apache | qpid | 0.14 | Yes |
| Application | apache | qpid | 0.15 | Yes |
| Application | apache | qpid | 0.16 | Yes |
| Application | apache | qpid | 0.17 | Yes |
| Application | apache | qpid | 0.18 | Yes |
| Application | apache | qpid | 0.19 | Yes |