By the Year
In 2023 there have been 0 vulnerabilities in Apache Qpid . Qpid did not have any published security vulnerabilities last year.
It may take a day or so for new Qpid vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Qpid Security Vulnerabilities
While investigating bug PROTON-2014, we discovered
7.4 - High
- April 23, 2019
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
qpidd in Apache Qpid 0.30 and earlier
7.5 - High
- October 30, 2017
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.
Data Processing Errors
The Python client in Apache Qpid before 2.2 does not verify
- August 23, 2013
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Improper Input Validation
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier
- March 14, 2013
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Qpid or by Apache? Click the Watch button to subscribe.