CVE-2016-3094: Improper Input Validation

October 16, 2018 (updated September 14, 2021)

PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception.

References

github.com/advisories/GHSA-jj9h-mwhq-8vhm
nvd.nist.gov/vuln/detail/CVE-2016-3094

Code Behaviors & Features

Detect and mitigate CVE-2016-3094 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →