9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2017-15702

GHSA ID

GHSA-269m-695x-j34p

EPSS Score

0.86207%

CWE

Published

10/19/2018

Updated

11/4/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-15702

CVE-2017-15702: Apache Qpid Broker vulnerable to authentication port spoofing

Apache Qpid Broker-J versions 0.18 through 0.32 are vulnerable to authentication port spoofing. When the broker is configured with different authentication providers on different ports, one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2017-15702

GHSA ID

GHSA-269m-695x-j34p

EPSS Score

0.86207%

CWE

Published

10/19/2018

Updated

11/4/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.qpid:qpid-broker	maven	>= 0.18, <= 0.32	6.0.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided vulnerability descriptions and references indicate a misconfiguration handling issue where authentication providers are not properly scoped to their respective ports, particularly affecting HTTP ports. However, none of the sources (CVE details, Jira ticket, or Apache advisory) explicitly identify specific functions or code paths responsible for this behavior. The lack of commit diffs, patch details, or concrete code examples makes it impossible to pinpoint exact vulnerable functions with high confidence. The vulnerability appears to stem from architectural/design flaws in port-specific authentication provider binding rather than isolated functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** Qpi* *rok*r-J v*rsions *.** t*rou** *.** *r* vuln*r**l* to *ut**nti**tion port spoo*in*. W**n t** *rok*r is *on*i*ur** wit* *i***r*nt *ut**nti**tion provi**rs on *i***r*nt ports, on* o* w*i** is *n *TTP port, t**n t** *rok*r **n ** tri*k** *y

Reasoning

T** provi*** vuln*r**ility **s*riptions *n* r***r*n**s in*i**t* * mis*on*i*ur*tion **n*lin* issu* w**r* *ut**nti**tion provi**rs *r* not prop*rly s*op** to t**ir r*sp**tiv* ports, p*rti*ul*rly *****tin* *TTP ports. *ow*v*r, non* o* t** sour**s (*V* *

9.8

Basic Information

Concerned about an active attack path?

CVE-2017-15702: Apache Qpid Broker vulnerable to authentication port spoofing

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI