CVE-2012-4446: Improper Authentication

May 17, 2022 (updated July 13, 2022)

The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.

References

rhn.redhat.com/errata/RHSA-2013-0561.html
rhn.redhat.com/errata/RHSA-2013-0562.html
bugzilla.redhat.com/show_bug.cgi?id=851355
github.com/advisories/GHSA-mrgh-6x42-x6xf
issues.apache.org/jira/browse/QPID-4631
nvd.nist.gov/vuln/detail/CVE-2012-4446

Code Behaviors & Features

Detect and mitigate CVE-2012-4446 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →