CVE-2016-4432: AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication
CVSS Score: 9.1 (CVSS 3.0)
Basic Information
CVE ID: CVE-2016-4432
GHSA ID:
EPSS Score: 0.63635%
CWE:
Published: 10/16/2018
Updated: 2/3/2023
KEV Status: No
Technology: Java
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol | maven | < 6.0.3 | 6.0.3 |
| org.apache.qpid:qpid-broker-plugins-amqp-1-0-protocol | maven | < 6.0.3 | 6.0.3 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability information indicates the issue stems from improper connection state logging in AMQP 0-8 to 0-10 protocol handlers, leading to authentication bypass. While the JIRA ticket (QPID-7257) and SVN revisions (1743161, 1743393) suggest fixes to connection state logging logic, the available data does not include specific code diffs, function names, or file paths. The description broadly implicates 'connection handling' components but lacks granular details to confidently identify exact vulnerable functions. Without explicit evidence of function-level changes or implementation details, we cannot specify vulnerable functions with high confidence.