CVE-2019-0223 in Apache and Red Hat Products
Published on April 23, 2019
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
NVD
Products Associated with CVE-2019-0223
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-0223 are published in these products:
Affected Versions
Apache Software Foundation Apache Qpid Proton Version 0.9 to 0.27.0 is affected by CVE-2019-0223Exploit Probability
EPSS
0.40%
Percentile
60.27%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.