Miggo Logo

CVE-2016-4432: AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication

9.1

CVSS Score
3.0

Basic Information

EPSS Score
0.63635%
Published
10/16/2018
Updated
2/3/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocolmaven< 6.0.36.0.3
org.apache.qpid:qpid-broker-plugins-amqp-1-0-protocolmaven< 6.0.36.0.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided vulnerability information indicates the issue stems from improper connection state logging in AMQP 0-8 to 0-10 protocol handlers, leading to authentication bypass. While the JIRA ticket (QPID-7257) and SVN revisions (1743161, 1743393) suggest fixes to connection state logging logic, the available data does not include specific code diffs, function names, or file paths. The description broadly implicates 'connection handling' components but lacks granular details to confidently identify exact vulnerable functions. Without explicit evidence of function-level changes or implementation details, we cannot specify vulnerable functions with high confidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** *MQP *-*, *-*, *-**, *n* *-** *onn**tion **n*lin* in *p**** Qpi* J*v* ***or* *.*.* mi**t *llow r*mot* *tt**k*rs to *yp*ss *ut**nti**tion *n* *ons*qu*ntly p*r*orm **tions vi* v**tors r*l*t** to *onn**tion st*t* lo**in*.

Reasoning

T** provi*** vuln*r**ility in*orm*tion in*i**t*s t** issu* st*ms *rom improp*r *onn**tion st*t* lo**in* in *MQP *-* to *-** proto*ol **n*l*rs, l***in* to *ut**nti**tion *yp*ss. W*il* t** JIR* ti*k*t (QPI*-****) *n* SVN r*visions (*******, *******) su