CVE Vulnerabilities

CVE-2011-3620

Improper Authentication

Published: May 03, 2012 | Modified: Aug 14, 2012
CVSS 3.x: N/A
CVSS 2.x (Source: NVD): 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2.x (Source: RedHat/V2): 5.8 MODERATE, AV:A/AC:L/Au:N/C:P/I:P/A:P
Sources without a listed score: RedHat/V3, Ubuntu

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name | Vendor | Start Version | End Version
Qpid | Apache | 0.12 | 0.12
MRG for RHEL-5 v. 2 | RedHat | condor-0:7.6.5-0.14.el5 | *
MRG for RHEL-5 v. 2 | RedHat | python-qpid-0:0.14-6.el5 | *
MRG for RHEL-5 v. 2 | RedHat | qpid-cpp-mrg-0:0.14-14.el5 | *
MRG for RHEL-5 v. 2 | RedHat | qpid-java-0:0.14-3.el5 | *
MRG for RHEL-5 v. 2 | RedHat | qpid-jca-0:0.14-9.el5 | *
MRG for RHEL-5 v. 2 | RedHat | qpid-qmf-0:0.14-9.el5 | *
MRG for RHEL-5 v. 2 | RedHat | qpid-tests-0:0.14-1.el5 | *
MRG for RHEL-5 v. 2 | RedHat | qpid-tools-0:0.14-2.el5 | *
MRG for RHEL-5 v. 2 | RedHat | sesame-0:1.0-3.el5 | *
Red Hat Enterprise MRG 2 | RedHat | condor-0:7.6.5-0.14.el6 | *
Red Hat Enterprise MRG 2 | RedHat | qpid-cpp-0:0.14-14.el6_2 | *
Red Hat Enterprise MRG 2 | RedHat | qpid-java-0:0.14-3.el6 | *
Red Hat Enterprise MRG 2 | RedHat | qpid-jca-0:0.14-9.el6 | *
Red Hat Enterprise MRG 2 | RedHat | qpid-qmf-0:0.14-7.el6_2 | *
Red Hat Enterprise MRG 2 | RedHat | sesame-0:1.0-5.el6 | *
Qpid-cpp | Ubuntu | artful | *
Qpid-cpp | Ubuntu | precise | *
Qpid-cpp | Ubuntu | quantal | *
Qpid-cpp | Ubuntu | raring | *
Qpid-cpp | Ubuntu | saucy | *
Qpid-cpp | Ubuntu | trusty | *
Qpid-cpp | Ubuntu | utopic | *
Qpid-cpp | Ubuntu | vivid | *
Qpid-cpp | Ubuntu | wily | *
Qpid-cpp | Ubuntu | xenial | *
Qpid-cpp | Ubuntu | yakkety | *
Qpid-cpp | Ubuntu | zesty | *

Potential Mitigations

References