{"containers": {"cna": {"affected": [{"product": "Apache Qpid Proton", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "0.9 to 0.27.0"}]}], "datePublic": "2019-03-06T00:00:00", "descriptions": [{"lang": "en", "value": "While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic."}], "problemTypes": [{"descriptions": [{"description": "Man-in-the-middle Attack", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-20T13:06:22", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[qpid-dev] 20190423 [jira] [Updated] (PROTON-2014) [CVE-2019-0223] TLS Man in the Middle Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E"}, {"name": "[qpid-dev] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E"}, {"name": "[oss-security] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/4"}, {"name": "[announce] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E"}, {"name": "[SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel"}, {"name": "qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"}, {"name": "108044", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108044"}, {"name": "RHSA-2019:0886", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0886"}, {"name": "RHSA-2019:1399", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1399"}, {"name": "RHSA-2019:1400", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1400"}, {"name": "RHSA-2019:1398", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1398"}, {"name": "RHSA-2019:2777", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2777"}, {"name": "RHSA-2019:2778", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2778"}, {"name": "RHSA-2019:2779", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2779"}, {"name": "RHSA-2019:2780", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2780"}, {"name": "RHSA-2019:2781", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2781"}, {"name": "RHSA-2019:2782", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2782"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2019-0223", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Qpid Proton", "version": {"version_data": [{"version_value": "0.9 to 0.27.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Man-in-the-middle Attack"}]}]}, "references": {"reference_data": [{"name": "[qpid-dev] 20190423 [jira] [Updated] (PROTON-2014) [CVE-2019-0223] TLS Man in the Middle Vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E"}, {"name": "[qpid-dev] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E"}, {"name": "[oss-security] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/23/4"}, {"name": "[announce] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E"}, {"name": "[SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E"}, {"name": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel", "refsource": "MISC", "url": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel"}, {"name": "qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E"}, {"name": "108044", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108044"}, {"name": "RHSA-2019:0886", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0886"}, {"name": "RHSA-2019:1399", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1399"}, {"name": "RHSA-2019:1400", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1400"}, {"name": "RHSA-2019:1398", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1398"}, {"name": "RHSA-2019:2777", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2777"}, {"name": "RHSA-2019:2778", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2778"}, {"name": "RHSA-2019:2779", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2779"}, {"name": "RHSA-2019:2780", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2780"}, {"name": "RHSA-2019:2781", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2781"}, {"name": "RHSA-2019:2782", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2782"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:44:15.919Z"}, "title": "CVE Program Container", "references": [{"name": "[qpid-dev] 20190423 [jira] [Updated] (PROTON-2014) [CVE-2019-0223] TLS Man in the Middle Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E"}, {"name": "[qpid-dev] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E"}, {"name": "[oss-security] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/4"}, {"name": "[announce] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E"}, {"name": "[SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel"}, {"name": "qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"}, {"name": "108044", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108044"}, {"name": "RHSA-2019:0886", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0886"}, {"name": "RHSA-2019:1399", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1399"}, {"name": "RHSA-2019:1400", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1400"}, {"name": "RHSA-2019:1398", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1398"}, {"name": "RHSA-2019:2777", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2777"}, {"name": "RHSA-2019:2778", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2778"}, {"name": "RHSA-2019:2779", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2779"}, {"name": "RHSA-2019:2780", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2780"}, {"name": "RHSA-2019:2781", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2781"}, {"name": "RHSA-2019:2782", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2782"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2019-0223", "datePublished": "2019-04-23T15:57:07", "dateReserved": "2018-11-14T00:00:00", "dateUpdated": "2024-08-04T17:44:15.919Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:qpid:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF9D1E83-264F-4FD3-91DC-7E5CC856C36D", "versionEndIncluding": "0.27.0", "versionStartIncluding": "0.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_amq_clients_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A493C8B-B5B9-4BE2-A449-24BE131FF8D3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*", "matchCriteriaId": "EB7F358B-5E56-41AB-BB8A-23D3CB7A248B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "87F6E32E-6AF3-489A-AFEF-D5309E0D1779", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB283C80-F7AF-4776-8432-655E50D7D65B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "D5B7C3FA-0F90-47ED-835F-FBA07B3993E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*", "matchCriteriaId": "92C9F1C4-55B0-426D-BB5E-01372C23AF97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic."}, {"lang": "es", "value": "Mientras investig\u00e1bamos el error PROTON-2014, descubrimos que en algunas circunstancias las versiones de Apache Qpid Proton 0.9 a 0.27.0 (librer\u00eda de C y sus adaptaciones de lenguaje) pueden conectarse a un peer de forma an\u00f3nima utilizando TLS *incluso cuando est\u00e1 configurado para verificar el certificado del peer* mientras se utiliza con versiones de OpenSSL anteriores a la 1.1.0. Esto significa que un ataque man in the middle podr\u00eda ser construido si un atacante puede interceptar el tr\u00e1fico TLS."}], "id": "CVE-2019-0223", "lastModified": "2023-11-07T03:01:52.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-23T16:29:00.467", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/04/23/4"}, {"source": "security@apache.org", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/bid/108044"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0886"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1398"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1399"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:1400"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2777"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2778"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2779"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2780"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2781"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2782"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f%40%3Cusers.qpid.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5%40%3Cdev.qpid.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b%40%3Cdev.qpid.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0%40%3Cannounce.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0886", "cpe": "cpe:/a:redhat:a_mq_clients:2::el6", "impact": "moderate", "package": "qpid-proton-0:0.27.0-3.el6", "product_name": "AMQ Clients 2.y for RHEL 6", "release_date": "2019-04-25T00:00:00Z"}, {"advisory": "RHSA-2019:0886", "cpe": "cpe:/a:redhat:a_mq_clients:2::el7", "impact": "moderate", "package": "qpid-proton-0:0.27.0-3.el7", "product_name": "AMQ Clients 2.y for RHEL 7", "release_date": "2019-04-25T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ansible-runner-0:1.3.4-2.el8ar", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ansible-tower-0:3.5.2-1.el8at", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "cfme-0:5.11.0.28-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "cfme-amazon-smartstate-0:5.11.0.28-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "cfme-appliance-0:5.11.0.28-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "cfme-gemset-0:5.11.0.28-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-cluster-upgrade-0:1.1.13-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-disaster-recovery-0:1.2.0-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-engine-setup-0:1.1.9-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-hosted-engine-setup-0:1.0.26-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-image-template-0:1.1.11-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-infra-0:1.1.12-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-manageiq-0:1.1.14-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-repositories-0:1.1.5-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-roles-0:1.1.7-2.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-shutdown-env-0:1.0.3-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "ovirt-ansible-vm-infra-0:1.1.19-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "prince-0:12.4-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python3-ovirt-engine-sdk4-0:4.3.2-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-bambou-0:3.0.1-2.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-colorama-0:0.4.1-1.el8ost", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-daemon-0:2.1.2-9.el8ar", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-funcsigs-0:1.0.2-3.el8ost", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-future-0:0.16.0-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-lockfile-1:0.11.0-8.el8ar", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-mock-0:2.0.0-11.el8ost", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-pbr-0:5.1.2-2.el8ost", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-pexpect-0:4.6-2.el8ar", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-psutil-0:5.4.3-5.el8ar", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-pylxca-0:2.1.1-2.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-requests-toolbelt-0:0.8.0-2.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-tabulate-0:0.8.2-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "python-vspk-0:5.3.2-2.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "qpid-proton-0:0.28.0-1.el8", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "repmgr10-0:4.0.6-3.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-bcrypt-0:3.1.13-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-byebug-0:11.0.1-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-escape_utils-0:1.2.1-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-ffi-0:1.9.25-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-hamlit-0:2.8.10-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-http_parser.rb-0:0.6.0-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-linux_block_device-0:0.2.1-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-memory_buffer-0:0.1.0-2.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-nio4r-0:2.4.0-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-nokogiri-0:1.8.5-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-ovirt-engine-sdk4-0:4.3.0-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-puma-0:3.7.1-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-qpid_proton-0:0.26.0-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-rugged-0:0.28.2-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-sassc-0:2.0.1-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-sqlite3-0:1.3.13-2.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-surro-gate-0:1.0.5-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-unf_ext-0:0.0.7.6-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "rubygem-websocket-driver-0:0.6.5-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "smem-0:1.4-1.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "v2v-conversion-host-0:1.14.2-1.el8ev", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHBA-2019:4199", "cpe": "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "impact": "moderate", "package": "wmi-0:1.3.14-8.el8cf", "product_name": "CloudForms Management Engine 5.11", "release_date": "2019-12-12T00:00:00Z"}, {"advisory": "RHSA-2019:1400", "cpe": "cpe:/a:redhat:openstack:13::el7", "impact": "moderate", "package": "jsoncpp-0:1.7.7-1.el7", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2019-06-06T00:00:00Z"}, {"advisory": "RHSA-2019:1400", "cpe": "cpe:/a:redhat:openstack:13::el7", "impact": "moderate", "package": "qpid-proton-0:0.27.0-3.el7", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2019-06-06T00:00:00Z"}, {"advisory": "RHSA-2019:1398", "cpe": "cpe:/a:redhat:openstack-optools:14::el7", "impact": "moderate", "package": "qpid-proton-0:0.27.0-3.el7", "product_name": "Red Hat OpenStack Platform 14.0 Operational Tools for RHEL 7", "release_date": "2019-06-06T00:00:00Z"}, {"advisory": "RHSA-2019:1399", "cpe": "cpe:/a:redhat:openstack:14::el7", "impact": "moderate", "package": "qpid-proton-0:0.27.0-3.el7", "product_name": "Red Hat OpenStack Platform 14.0 (Rocky)", "release_date": "2019-06-06T00:00:00Z"}, {"advisory": "RHSA-2019:2779", "cpe": "cpe:/a:redhat:satellite:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Red Hat Satellite 6.3 for RHEL 7", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2779", "cpe": "cpe:/a:redhat:satellite_capsule:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Red Hat Satellite 6.3 for RHEL 7", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2778", "cpe": "cpe:/a:redhat:satellite:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Red Hat Satellite 6.4 for RHEL 7", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2778", "cpe": "cpe:/a:redhat:satellite_capsule:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Red Hat Satellite 6.4 for RHEL 7", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2777", "cpe": "cpe:/a:redhat:satellite:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Red Hat Satellite 6.5 for RHEL 7", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2777", "cpe": "cpe:/a:redhat:satellite_capsule:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Red Hat Satellite 6.5 for RHEL 7", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el5", "package": "qpid-proton-0:0.9-22.el5", "product_name": "Satellite Tools 6.3 for RHEL 5.9.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el5", "package": "qpid-proton-0:0.9-22.el5", "product_name": "Satellite Tools 6.3 for RHEL 5.ELS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el6", "package": "qpid-proton-0:0.16.0-14.el6sat", "product_name": "Satellite Tools 6.3 for RHEL 6", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el6", "package": "qpid-proton-0:0.16.0-14.el6sat", "product_name": "Satellite Tools 6.3 for RHEL 6.4.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el6", "package": "qpid-proton-0:0.16.0-14.el6sat", "product_name": "Satellite Tools 6.3 for RHEL 6.5.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el6", "package": "qpid-proton-0:0.16.0-14.el6sat", "product_name": "Satellite Tools 6.3 for RHEL 6.6.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el6", "package": "qpid-proton-0:0.16.0-14.el6sat", "product_name": "Satellite Tools 6.3 for RHEL 6.7.EUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.2.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.2.E4S", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.2.EUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.3.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.3.E4S", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.3.EUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.4.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.4.E4S", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.4.EUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.5.EUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.6.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.6.E4S", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2781", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.3::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.3 for RHEL 7.6.EUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el5", "package": "qpid-proton-0:0.9-22.el5", "product_name": "Satellite Tools 6.4 for RHEL 5.9.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el5", "package": "qpid-proton-0:0.9-22.el5", "product_name": "Satellite Tools 6.4 for RHEL 5.ELS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el6", "package": "qpid-proton-0:0.16.0-14.el6sat", "product_name": "Satellite Tools 6.4 for RHEL 6", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el6", "package": "qpid-proton-0:0.16.0-14.el6sat", "product_name": "Satellite Tools 6.4 for RHEL 6.7.EUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.2.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.2.E4S", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.2.TUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.3.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.3.E4S", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.3.TUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.4.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.4.E4S", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.4.EUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.4.TUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.5.EUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.6.AUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.6.E4S", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.6.EUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2782", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.4::el7", "package": "qpid-proton-0:0.16.0-14.el7sat", "product_name": "Satellite Tools 6.4 for RHEL 7.6.TUS", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "qpid-proton-0:0.9-22.el5", "product_name": "Satellite Tools 6.5 for RHEL 5.9.AUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el5", "package": "qpid-proton-0:0.9-22.el5", "product_name": "Satellite Tools 6.5 for RHEL 5.ELS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el6", "package": "qpid-proton-0:0.16.0-14.el6sat", "product_name": "Satellite Tools 6.5 for RHEL 6", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.2.AUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.2.E4S", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.2.TUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.3.AUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.3.E4S", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.3.TUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.4.AUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.4.E4S", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.4.EUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.4.TUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.5.EUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.6.AUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.6.E4S", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.6.EUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el7", "package": "qpid-proton-0:0.28.0-1.el7", "product_name": "Satellite Tools 6.5 for RHEL 7.6.TUS", "release_date": "2019-09-17T00:00:00Z"}, {"advisory": "RHSA-2019:2780", "cpe": "cpe:/a:redhat:rhel_satellite_tools:6.5::el8", "package": "qpid-proton-0:0.28.0-1.el8", "product_name": "Satellite Tools 6.5 for RHEL 8", "release_date": "2019-09-17T00:00:00Z"}], "bugzilla": {"description": "qpid-proton: TLS Man in the Middle Vulnerability", "id": "1702439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1702439"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-358->CWE-300", "details": ["While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.", "A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted."], "mitigation": {"lang": "en:us", "value": "This attack will not work if client-certificate authentication is in place because anonymous ciphers would not then be available.\nAnother possible mitigation is to disable anonymous ciphers on clients."}, "name": "CVE-2019-0223", "package_state": [{"cpe": "cpe:/a:redhat:amq_interconnect:1", "fix_state": "Affected", "impact": "moderate", "package_name": "qpid-proton", "product_name": "A-MQ Interconnect 1"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:3", "fix_state": "Will not fix", "impact": "moderate", "package_name": "qpid-proton", "product_name": "Red Hat Enterprise MRG 3"}, {"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "proton-j", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "impact": "moderate", "package_name": "qpid-proton", "product_name": "Red Hat JBoss A-MQ 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "proton-j", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "impact": "moderate", "package_name": "proton-j", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Affected", "impact": "moderate", "package_name": "proton-j", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "impact": "moderate", "package_name": "qpid-proton", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:rhui:3", "fix_state": "Will not fix", "package_name": "qpid-proton", "product_name": "Red Hat Update Infrastructure 3 for Cloud Providers"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "impact": "moderate", "package_name": "redhat-virtualization-host", "product_name": "Red Hat Virtualization 4"}], "public_date": "2019-04-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-0223\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0223\nhttps://qpid.apache.org/cves/CVE-2019-0223.html"], "statement": "Red Hat OpenStack Platform 14 (and its Operational Tools) is impacted by this flaw; other supported versions are not vulnerable.\nRed Hat Virtualization 4 uses qpid-proton for katello-agent, which always uses client certificate authentication.\nRed Hat Update Infrastructure 3 is impacted by this flaw, however in its default configuration client certificate authentication is used and qpidd service, which uses qpid-proton, cannot be reach from other machines.", "threat_severity": "Important", "upstream_fix": "qpid-proton 0.27.1"}