CVE-2012-3467
Apache QPID Allows Remote Authentication Bypass
EPSS 6.4%
Description
Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
How to fix CVE-2012-3467
To remediate CVE-2012-3467, upgrade the affected package to a fixed version below.
- Maven/org.apache.qpid:qpid-parent—upgrade to 0.17 or later
Is CVE-2012-3467 being exploited?
Moderate — EPSS is 6.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 0.17