CVE-2011-3620
Apache Qpid 0.12 - Improper Authentication during Cluster Join
Title source: llmDescription
Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49000
Various Sources x_refsource_confirm
https://issues.apache.org/jira/browse/QPID-3652
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=747078
Various Sources x_refsource_confirm
https://reviews.apache.org/r/2988/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026990
Scores
EPSS
0.0531
EPSS Percentile
91.6%
Details
CWE
CWE-287
Status
published
Products (1)
apache/qpid
0.12
Published
May 03, 2012
Tracked Since
Feb 18, 2026