{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:*", "matchCriteriaId": "78C295BD-3BF5-44E3-B0A6-14A060C1042D", "versionEndIncluding": "0.32", "versionStartIncluding": "0.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected."}, {"lang": "es", "value": "En las versiones 0.18 a 0.32 de Broker-J de Apache Qpid, si el broker est\u00e1 configurado con diferentes proveedores de autenticaci\u00f3n en diferentes puertos (uno de ellos es un puerto HTTP), un atacante remoto no autenticado puede enga\u00f1ar al broker conect\u00e1ndose al puerto HTTP para que utilice un proveedor de autenticaci\u00f3n que se configur\u00f3 en un puerto diferente. El atacante a\u00fan necesitar\u00eda credenciales v\u00e1lidas con el proveedor de autenticaci\u00f3n en el puerto suplantado. Esto es un problema cuando el puerto suplantado tiene una protecci\u00f3n de autenticaci\u00f3n m\u00e1s d\u00e9bil (por ejemplo, acceso an\u00f3nimo, cuentas por defecto, etc.) y normalmente se protege con reglas de firewall o similares que pueden ser omitidos con esta vulnerabilidad. Los puertos AMQP no se ven afectados. Las versiones 6.0.0 y posteriores no se ven afectadas."}], "id": "CVE-2017-15702", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-01T15:29:00.260", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102040"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/QPID-8039"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/59d241e30db23b8b0af26bb273f789aa1f08515d3dc1a3868d3ba090%40%3Cdev.qpid.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://qpid.apache.org/cves/CVE-2017-15702.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/QPID-8039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/59d241e30db23b8b0af26bb273f789aa1f08515d3dc1a3868d3ba090%40%3Cdev.qpid.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://qpid.apache.org/cves/CVE-2017-15702.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}