Apache Qpid
By the Year
In 2022 there have been 0 vulnerabilities in Apache Qpid . Qpid did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.40 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Qpid vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Qpid Security Vulnerabilities
While investigating bug PROTON-2014, we discovered
CVE-2019-0223
7.4 - High
- April 23, 2019
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
The Python client in Apache Qpid before 2.2 does not verify
CVE-2013-1909
- August 23, 2013
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Qpid or by Apache? Click the Watch button to subscribe.
