Apache Software Foundation Apache Qpid Broker-J vulnerabilities
6 known vulnerabilities affecting apache_software_foundation/apache_qpid_broker-j.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, HIGH: 4, MEDIUM: 1
Vulnerabilities
CVE-2019-0200 | HIGH | CVSS 7.5 | Versions: Apache Qpid Broker-J 6.0.0 to 7.0.6 (inclusive), 7.1.0 | 2019-03-06
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0
Sources: cvelistv5, nvd
CVE-2018-8030 | HIGH | CVSS 7.5 | CWE-20 | Versions: 7.0.0, 7.0.1, 7.0.2, 7.0.3 | 2018-06-20
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with a size greater than the allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.
Sources: cvelistv5, nvd
CVE-2018-1298 | MEDIUM | CVSS 5.9 | CWE-20 | Versions: 7.0.0 | 2018-02-09
A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when the PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows an unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. An authentic
Sources: cvelistv5, nvd
CVE-2017-15702 | CRITICAL | CVSS 9.8 | Versions: 0.18 through 0.32 | 2017-12-01
In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still nee
Sources: cvelistv5, nvd
CVE-2017-15701 | HIGH | CVSS 7.5 | CWE-400 | Versions: 6.1.0, 6.1.1, 6.1.2, 6.1.3, and 6.1.4 | 2017-12-01
In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected.
Sources: cvelistv5, nvd
CVE-2016-8741 | HIGH | CVSS 7.5 | CWE-200 | Versions: 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5; 6.1.0 | 2017-05-15
The Apache Qpid Broker for Java can be configured to use different so-called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely
Sources: cvelistv5, nvd