VDB
CVE-2012-4446
CVE-2012-4446
PUBLISHED
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
EPSS 0.44% · 63.5th percentile
Risk Scores
EPSS Score
0.44%
63.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | qpid-cpp | 0, 0.16-9build1, 0.16-9ubuntu1 |
Exploit Intelligence
- https://issues.apache.org/jira/browse/QPID-4631 (circl)
- RHSA-2013:0561 (circl)
- RHSA-2013:0562 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=851355 (circl)
- 52516 (circl)
Timeline
- Mar 12, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2012-4446 third-party-advisory
- https://rhn.redhat.com/errata/RHSA-2013-0561.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2012-4446 third-party-advisory