
CVE-2016-3094: Improper Input Validation in org.apache.qpid:qpid-broker

CVSS Score: 5.9 (CVSS 3.0)

Basic Information

EPSS Score: 0.70957%
Published: 10/16/2018
Updated: 11/12/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name: org.apache.qpid:qpid-broker
Ecosystem: maven
Vulnerable Versions: < 6.0.3
First Patched Version: 6.0.3

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability manifests in the SASL authentication flow when the broker handles client responses. The core issue is in PlainSaslServer's response evaluation method:

  1. The JIRA ticket QPID-7271 explicitly mentions fixing exception handling in PlainSaslServer.
  2. SASL mechanisms in Java typically implement evaluateResponse() for authentication processing.
  3. The vulnerability description specifies uncaught exceptions during authentication attempts.
  4. The plaintext authentication mechanism would split client input into username and password components using null byte separators, a process vulnerable to malformed inputs.
  5. Pre-patch versions lack proper try-catch blocks around this parsing logic, letting runtime exceptions propagate to the JVM.
  6. The patched version (6.0.3) adds explicit SaslException handling, as seen in the JIRA resolution comment.
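
The parsing failure described in items 4 and 5, as an added example that is not the Qpid PlainSaslServer source: a PLAIN response parser that trusts the null byte layout, beside one that validates it and reports malformed input as a SaslException. The class and method names (PlainResponseParsing, parseFragile, parseChecked, indexOfNul) are hypothetical, the message layout assumed is RFC 4616's `[authzid] NUL authcid NUL passwd`, and the sample inputs are constructed.

```java
import java.nio.charset.StandardCharsets;
import javax.security.sasl.SaslException;

// Hypothetical illustration; not the Qpid PlainSaslServer source.
public class PlainResponseParsing {

    static int indexOfNul(byte[] data, int from) {
        for (int i = from; i < data.length; i++) if (data[i] == 0) return i;
        return -1;
    }

    // Fragile: assumes both NUL separators are present. Without them the
    // offsets go negative and an unchecked exception escapes, which a caller
    // that only catches SaslException will not handle.
    static String[] parseFragile(byte[] r) {
        int first = indexOfNul(r, 0);
        int second = indexOfNul(r, first + 1);
        String user = new String(r, first + 1, second - first - 1, StandardCharsets.UTF_8);
        String pass = new String(r, second + 1, r.length - second - 1, StandardCharsets.UTF_8);
        return new String[] {user, pass};
    }

    // Checked: every malformed shape becomes a SaslException, i.e. an
    // ordinary authentication failure for this one connection.
    static String[] parseChecked(byte[] r) throws SaslException {
        if (r == null || r.length == 0) throw new SaslException("empty PLAIN response");
        int first = indexOfNul(r, 0);
        int second = first < 0 ? -1 : indexOfNul(r, first + 1);
        if (second < 0) throw new SaslException("expected two NUL separators");
        if (indexOfNul(r, second + 1) >= 0) throw new SaslException("unexpected extra NUL");
        if (second == first + 1) throw new SaslException("empty username");
        return parseFragile(r); // offsets are now known to be valid
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not captured traffic.
        String[] samples = {"\0alice\0s3cret", "alice", "\0alice"};
        for (String s : samples) {
            byte[] r = s.getBytes(StandardCharsets.UTF_8);
            try {
                System.out.println("fragile: user=" + parseFragile(r)[0]);
            } catch (RuntimeException e) {
                System.out.println("fragile: unchecked " + e.getClass().getSimpleName());
            }
            try {
                System.out.println("checked: user=" + parseChecked(r)[0]);
            } catch (SaslException e) {
                System.out.println("checked: rejected, " + e.getMessage());
            }
        }
    }
}
```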
