The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qpid | Apache | * | 0.20 (including) |
| Qpid | Apache | 0.5 (including) | 0.5 (including) |
| Qpid | Apache | 0.6 (including) | 0.6 (including) |
| Qpid | Apache | 0.7 (including) | 0.7 (including) |
| Qpid | Apache | 0.8 (including) | 0.8 (including) |
| Qpid | Apache | 0.9 (including) | 0.9 (including) |
| Qpid | Apache | 0.10 (including) | 0.10 (including) |
| Qpid | Apache | 0.11 (including) | 0.11 (including) |
| Qpid | Apache | 0.12 (including) | 0.12 (including) |
| Qpid | Apache | 0.13 (including) | 0.13 (including) |
| Qpid | Apache | 0.14 (including) | 0.14 (including) |
| Qpid | Apache | 0.15 (including) | 0.15 (including) |
| Qpid | Apache | 0.16 (including) | 0.16 (including) |
| Qpid | Apache | 0.17 (including) | 0.17 (including) |
| Qpid | Apache | 0.18 (including) | 0.18 (including) |
| Qpid | Apache | 0.19 (including) | 0.19 (including) |
| MRG for RHEL-5 v. 2 | RedHat | cumin-messaging-0:0.1.1-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | mrg-release-0:2.3.0-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | python-qpid-0:0.18-4.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-cpp-mrg-0:0.18-14.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-java-0:0.18-7.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-jca-0:0.18-8.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-qmf-0:0.18-15.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-tests-0:0.18-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | qpid-tools-0:0.18-8.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | rhm-docs-0:0.18-2.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | saslwrapper-0:0.18-1.el5 | * |
| Red Hat Enterprise MRG 2 | RedHat | cumin-messaging-0:0.1.1-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | mrg-release-0:2.3.0-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | python-qpid-0:0.18-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-cpp-0:0.18-14.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-java-0:0.18-7.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-jca-0:0.18-8.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-qmf-0:0.18-15.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-tests-0:0.18-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | qpid-tools-0:0.18-8.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rhm-docs-0:0.18-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rake-0:0.8.7-2.1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygems-0:1.8.16-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | saslwrapper-0:0.18-1.el6_3 | * |
| Red Hat Enterprise MRG 2 | RedHat | xerces-c-0:3.0.1-20.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | xqilla-0:2.2.3-8.el6 | * |
| Qpid-cpp | Ubuntu | artful | * |
| Qpid-cpp | Ubuntu | esm-apps/xenial | * |
| Qpid-cpp | Ubuntu | precise | * |
| Qpid-cpp | Ubuntu | quantal | * |
| Qpid-cpp | Ubuntu | raring | * |
| Qpid-cpp | Ubuntu | saucy | * |
| Qpid-cpp | Ubuntu | trusty | * |
| Qpid-cpp | Ubuntu | upstream | * |
| Qpid-cpp | Ubuntu | utopic | * |
| Qpid-cpp | Ubuntu | vivid | * |
| Qpid-cpp | Ubuntu | wily | * |
| Qpid-cpp | Ubuntu | xenial | * |
| Qpid-cpp | Ubuntu | yakkety | * |
| Qpid-cpp | Ubuntu | zesty | * |