CVE-2016-8741

HIGH

Apache Qpid Broker for Java <6.0.6, <6.1.1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-8741. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary This repository contains source code files from Apache Qpid Broker-J, specifically the BerkeleyDB store component, which is vulnerable to CVE-2016-8741. The files include Java classes and scripts related to the BDB message store and JMX management, but no explicit exploit code is present.

Description

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256.

Exploits (2)

nomisec WRITEUP
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2016-8741-qpid-broker-j-vulnerable

This repository contains source code files from Apache Qpid Broker-J, specifically the BerkeleyDB store component, which is vulnerable to CVE-2016-8741. The files include Java classes and scripts related to the BDB message store and JMX management, but no explicit exploit code is present.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Apache Qpid Broker-J (BerkeleyDB store component)
No auth needed
Prerequisites: Access to vulnerable Apache Qpid Broker-J instance
devstral-2 · analyzed Mar 14, 2026 Full analysis →
nomisec WRITEUP
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2016-8741-qpid-broker-j-vulnerable

This repository contains source code files from Apache Qpid Broker-J, specifically the BerkeleyDB store component, which is vulnerable to CVE-2016-8741. The files include Java classes and scripts related to the BDB store functionality, but no explicit exploit code is present.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Apache Qpid Broker-J (BerkeleyDB store component)
No auth needed
Prerequisites: Access to vulnerable Apache Qpid Broker-J instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037537
Issue Tracking x_refsource_confirm
https://issues.apache.org/jira/browse/QPID-7599
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95136

Scores

CVSS v3 7.5
EPSS 0.0077
EPSS Percentile 74.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (9)
apache/qpid_broker-j 6.0.1
apache/qpid_broker-j 6.0.2
apache/qpid_broker-j 6.0.3
apache/qpid_broker-j 6.0.4
apache/qpid_broker-j 6.0.5
apache/qpid_broker-j 6.1.0
Apache Software Foundation/Apache Qpid Broker-J 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5
Apache Software Foundation/Apache Qpid Broker-J 6.1.0
org.apache.qpid/qpid-broker 6.0.0 - 6.0.6Maven
Published May 15, 2017
Tracked Since Feb 18, 2026