Vulnerability Description
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Qpid | <= 0.20 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-0561.html
- http://rhn.redhat.com/errata/RHSA-2013-0562.html
- http://secunia.com/advisories/52516Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=851355
- https://issues.apache.org/jira/browse/QPID-4631
- http://rhn.redhat.com/errata/RHSA-2013-0561.html
- http://rhn.redhat.com/errata/RHSA-2013-0562.html
- http://secunia.com/advisories/52516Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=851355
- https://issues.apache.org/jira/browse/QPID-4631
FAQ
What is CVE-2012-4446?
CVE-2012-4446 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to...
How severe is CVE-2012-4446?
CVE-2012-4446 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4446?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Qpid.