← back
CVE-2012-3467

CVE-2012-3467

EPSS 6.4%
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://rhn.redhat.com/errata/RHSA-2012-1277.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1279.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=836276http://secunia.com/advisories/50186http://secunia.com/advisories/50698https://exchange.xforce.ibmcloud.com/vulnerabilities/77568https://issues.apache.org/jira/browse/QPID-3849http://svn.apache.org/viewvc?view=revision&revision=1352992http://www.openwall.com/lists/oss-security/2012/08/09/6http://www.securityfocus.com/bid/54954