5.9

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1298

GHSA ID

GHSA-6w3v-66mj-2qm6

EPSS Score

0.78048%

CWE

CWE-20

Published

10/19/2018

Updated

1/9/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-1298

CVE-2018-1298: Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQP 1.0 and HTTP connections are not affected. An authentication of incoming AMQP connections in Apache Qpid Broker-J is performed by special entities called "Authentication Providers". Each Authentication Provider can support several SASL mechanisms which are offered to the connecting clients as part of SASL negotiation process. The client chooses the most appropriate SASL mechanism for authentication. Authentication Providers of following types supports PLAIN SASL mechanism: Plain, PlainPasswordFile, SimpleLDAP, Base64MD5PasswordFile, MD5, SCRAM-SHA-256, SCRAM-SHA-1. XOAUTH2 SASL mechanism is supported by Authentication Providers of type OAuth2. If an AMQP port is configured with any of these Authentication Providers, the Broker may be vulnerable.

(GitHub Advisory)

5.9

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-1298

GHSA ID

GHSA-6w3v-66mj-2qm6

EPSS Score

0.78048%

CWE

CWE-20

Published

10/19/2018

Updated

1/9/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.qpid:apache-qpid-broker-j	maven	= 7.0.0	7.0.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper input validation in SASL negotiation:

SaslServlet's doPostWithSubjectAndActor allowed creating SASL servers for unsupported mechanisms
OAuth2/Plain negotiators' handleResponse methods lacked state validation and proper empty response handling
The patches add mechanism validation, state machines, and response checks - indicating these were the vulnerable entry points
Runtime exploitation would show these functions in stack traces when processing malicious authentication attempts with empty responses or unsupported mechanisms

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* **ni*l o* S*rvi** vuln*r**ility w*s *oun* in *p**** Qpi* *rok*r-J *.*.* in *un*tion*lity *or *ut**nti**tion o* *onn**tions *or *MQP proto*ols *-*, *-*, *-** *n* *-** w**n PL*IN or XO*UT** S*SL m****nism is us**. T** vuln*r**ility *llows un*ut**nti*

Reasoning

T** vuln*r**ility st*ms *rom improp*r input v*li**tion in S*SL n**oti*tion: *. S*slS*rvl*t's *oPostWit*Su*j**t*n***tor *llow** *r**tin* S*SL s*rv*rs *or unsupport** m****nisms *. O*ut**/Pl*in n**oti*tors' **n*l*R*spons* m*t*o*s l**k** st*t* v*li**tio

5.9

Basic Information

Concerned about an active attack path?

CVE-2018-1298: Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j

5.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI