Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-8039

[CVE-2017-15702] [Broker-J] HTTP Ports may be tricked into using the wrong authentication provider

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Won't Fix
    • 0.18, 0.32
    • qpid-java-6.0
    • Broker-J
    • None

    Description

      In Qpid Broker-J 0.18..0.32 the when connecting to the HTTP port, it is possible to trick the port into using an authentication provider other than the one configured on the port. This becomes an issue if many authentication providers are configured and one offers less trust than another.

      This was resolved in Qpid Broker-J v6.0.0 and above.

      Attachments

        Issue Links

          links to

          Web Link CVE-2017-15702

          Activity

            People

              Unassigned Unassigned
              lorenz.quack Lorenz Quack
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: