Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qpid | Apache | 0.12 (including) | 0.12 (including) |
| MRG for RHEL-5 v. 2 | RedHat | condor-0:7.6.5-0.14.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | python-qpid-0:0.14-6.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-cpp-mrg-0:0.14-14.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-java-0:0.14-3.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-jca-0:0.14-9.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-qmf-0:0.14-9.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-tests-0:0.14-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-tools-0:0.14-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | sesame-0:1.0-3.el5 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-0:7.6.5-0.14.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-cpp-0:0.14-14.el6_2 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-java-0:0.14-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-jca-0:0.14-9.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-qmf-0:0.14-7.el6_2 | * |
| Red Hat Enterprise MRG 2 | RedHat | sesame-0:1.0-5.el6 | * |
| Qpid-cpp | Ubuntu | artful | * |
| Qpid-cpp | Ubuntu | precise | * |
| Qpid-cpp | Ubuntu | quantal | * |
| Qpid-cpp | Ubuntu | raring | * |
| Qpid-cpp | Ubuntu | saucy | * |
| Qpid-cpp | Ubuntu | trusty | * |
| Qpid-cpp | Ubuntu | utopic | * |
| Qpid-cpp | Ubuntu | vivid | * |
| Qpid-cpp | Ubuntu | wily | * |
| Qpid-cpp | Ubuntu | xenial | * |
| Qpid-cpp | Ubuntu | yakkety | * |
| Qpid-cpp | Ubuntu | zesty | * |