Man-in-the-Middle (MitM) Affecting org.apache.qpid:proton-j package, versions [,0.12.1)
Snyk CVSS
- Attack Complexity: High
- Integrity: High
Threat Intelligence
- EPSS: 0.08% (32nd percentile)
- Snyk ID SNYK-JAVA-ORGAPACHEQPID-466325
- published 9 Mar 2016
- disclosed 9 Mar 2016
- credit Matthew Farrellee
Introduced: 9 Mar 2016
CVE-2016-2166
How to fix?
Upgrade org.apache.qpid:proton-j to version 0.12.1 or higher.
Overview
org.apache.qpid:proton-j is a lightweight messaging library.
Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The proton.reactor.Connector, proton.reactor.Container, and proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.
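The class of bug described above, shown as an added example that is not Qpid Proton's code: a connection planner that silently downgrades an amqps URL to plaintext when TLS is missing, next to a fail-closed version. The function names, the `tls_available` flag and the sample URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"amqp": 5672, "amqps": 5671}  # IANA-registered AMQP ports


class TLSUnavailableError(RuntimeError):
    """Raised when a URL demands TLS but no TLS implementation is loaded."""


def _parse(url):
    # Split the URL and validate the parts both planners rely on.
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]


def plan_connection_downgrading(url, tls_available):
    """Flawed pattern: 'amqps' quietly becomes plaintext when TLS is missing."""
    scheme, host, port = _parse(url)
    encrypted = scheme == "amqps" and tls_available
    return {"host": host, "port": port, "encrypted": encrypted}


def plan_connection_fail_closed(url, tls_available):
    """Hardened pattern: 'amqps' without TLS is an error, never plaintext."""
    scheme, host, port = _parse(url)
    if scheme == "amqps" and not tls_available:
        # Report host and port only, so URL credentials never reach logs.
        raise TLSUnavailableError(
            f"{host}:{port}: amqps requested but TLS support is unavailable")
    return {"host": host, "port": port, "encrypted": scheme == "amqps"}


if __name__ == "__main__":
    url = "amqps://broker.example:5671/queue"  # constructed sample URL
    print(plan_connection_downgrading(url, tls_available=False))
    try:
        plan_connection_fail_closed(url, tls_available=False)
    except TLSUnavailableError as exc:
        print("refused:", exc)
```

The caller of the flawed planner gets a usable connection plan and no signal that the amqps request was not honoured, which is why the downgrade goes unnoticed.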