Informazioni sul CVE-2019-0223
N/A
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2019-0223
Descrizione: While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E
- https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E
- http://www.openwall.com/lists/oss-security/2019/04/23/4
- https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E
- https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
- https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E
- http://www.securityfocus.com/bid/108044
- https://access.redhat.com/errata/RHSA-2019:0886
- https://access.redhat.com/errata/RHSA-2019:1399
- https://access.redhat.com/errata/RHSA-2019:1400
- https://access.redhat.com/errata/RHSA-2019:1398
- https://access.redhat.com/errata/RHSA-2019:2777
- https://access.redhat.com/errata/RHSA-2019:2778
- https://access.redhat.com/errata/RHSA-2019:2779
- https://access.redhat.com/errata/RHSA-2019:2780
- https://access.redhat.com/errata/RHSA-2019:2781
- https://access.redhat.com/errata/RHSA-2019:2782
Prodotti interessati
- Apache Software Foundation – Apache Qpid Proton
Relazioni con altri prodotti
Produttore:Apache Software Foundation
Prodotto: Apache Qpid Proton
Anno: 2019
CWE:
CVSS: 0.0