CVE-2017-15702

Published: Dec 01, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2018-0473 Aliases: GHSA-269m-695x-j34p
CRITICAL 9.8
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 7.5
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected.

EPSS (Exploit Prediction Scoring System)

Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.

EPSS Score
0.0309
Percentile
0.9th

Application

Qpid Broker-J by Apache

Version Range Affected
From 0.18 (inclusive)
To 0.32 (inclusive)
cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://issues.apache.org/jira/browse/QPID-8039
https://lists.apache.org/thread.html/59d241e30db23b8b0af26bb273f789aa1f08515d3d…
https://qpid.apache.org/cves/CVE-2017-15702.html
http://www.securityfocus.com/bid/102040 (Third Party Advisory, VDB Entry)