GHSA-jj9h-mwhq-8vhm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jj9h-mwhq-8vhm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-jj9h-mwhq-8vhm/GHSA-jj9h-mwhq-8vhm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jj9h-mwhq-8vhm
- Aliases
- Published
- 2018-10-16T19:50:13Z
- Modified
- 2024-02-16T08:09:19.102375Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Improper Input Validation in org.apache.qpid:qpid-broker
- Details
-
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.
- Database specific
{ "cwe_ids": [ "CWE-20", "CWE-287" ], "github_reviewed": true, "severity": "MODERATE", "github_reviewed_at": "2020-06-16T21:43:38Z", "nvd_published_at": "2016-06-01T20:59:05Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-3094
- https://github.com/advisories/GHSA-jj9h-mwhq-8vhm
- https://issues.apache.org/jira/browse/QPID-7271
- https://svn.apache.org/viewvc?view=revision&revision=1744403
- http://mail-archives.apache.org/mod_mbox/qpid-users/201605.mbox/%3C5748641A.2050701%40gmail.com%3E
- http://packetstormsecurity.com/files/137215/Apache-Qpid-Java-Broker-6.0.2-Denial-Of-Service.html
- http://qpid.apache.org/releases/qpid-java-6.0.3/release-notes.html
- http://www.securityfocus.com/archive/1/538507/100/0/threaded
- http://www.securitytracker.com/id/1035982
Affected packages
Maven / org.apache.qpid:qpid-broker
Package
- Name
- org.apache.qpid:qpid-broker
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.qpid/qpid-broker