Qpid Apache Qpid

Do you want an email whenever new security vulnerabilities are reported in Apache Qpid?

By the Year

In 2022 there have been 0 vulnerabilities in Apache Qpid . Qpid did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 1 7.40
2018 0 0.00

It may take a day or so for new Qpid vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apache Qpid Security Vulnerabilities

While investigating bug PROTON-2014, we discovered

CVE-2019-0223 7.4 - High - April 23, 2019

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.

The Python client in Apache Qpid before 2.2 does not verify

CVE-2013-1909 - August 23, 2013

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apache Qpid or by Apache? Click the Watch button to subscribe.


Apache Qpid