org.apache.qpid:qpid-broker
Maven4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.qpid:qpid-brokerpage 1 of 1
- CVE-2016-3094MEDIUMCVSS 5.9EG 5.9✓ Fixed in 6.0.32016-06-01
vulnerable: 0.14 ... 6.0.2 (13 versions)
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which trigge…
- CVE-2016-8741HIGHCVSS 7.5EG 7.5✓ Fixed in 6.1.12017-05-15
vulnerable: 6.1.0
The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered tha…
- CVE-2017-15701HIGHCVSS 7.5EG 7.5✓ Fixed in 6.1.52017-12-01
vulnerable: 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all availabl…
- CVE-2017-15702CRITICALCVSS 9.8EG 9.8✓ Fixed in 6.0.02017-12-01
vulnerable: 0.18 ... 0.32 (8 versions)
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting …
Check whether org.apache.qpid:qpid-broker is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.qpid:qpid-broker CVEs against the assets you own.
Start Free Scan →