Man-in-the-Middle (MitM) Affecting org.apache.qpid:proton-project package, versions [0.8,0.13.1)

Attack Complexity

High
Integrity

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-ORGAPACHEQPID-30707
published

18 Jul 2016
disclosed

18 Jul 2016
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 18 Jul 2016

CVE-2016-4467 Open this link in a new tab CWE-300 Open this link in a new tab

Overview

org.apache.qpid:proton-project Affected versions of the package are vulnerable to Man in the Middle (MitM) Attacks. The Proton C client and C-based client bindings may fail to verify that the server host name matches the domain name in the subject's Common Name (CN) or subjectAltName field in X.509 certificates when running on Windows operating systems.

References

OSS Security
Jira Issue #1
Jira Issue #1

Man-in-the-Middle (MitM) Affecting org.apache.qpid:proton-project package, versions [0.8,0.13.1)

Attack Complexity

Integrity

snyk-id

published

disclosed

credit

Introduced: 18 Jul 2016

Overview

References