[
https://issues.apache.org/jira/browse/QPID-8039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-8039:
-----------------------------
Description:
In Qpid Broker-J 0.18..0.32 the when connecting to the HTTP port, it is
possible to trick the port into using an authentication provider other than the
one configured on the port. This becomes an issue if many authentication
providers are configured and one offers less trust than another.
This was resolved in Qpid Broker-J v6.0.0 and above.
was:To be filled in later.
> [CVE-2017-15702] [Broker-J] HTTP Ports may be tricked into using the wrong
> authentication provider
> --------------------------------------------------------------------------------------------------
>
> Key: QPID-8039
> URL: https://issues.apache.org/jira/browse/QPID-8039
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
> Affects Versions: 0.18, 0.32
> Reporter: Lorenz Quack
> Fix For: qpid-java-6.0
>
>
> In Qpid Broker-J 0.18..0.32 the when connecting to the HTTP port, it is
> possible to trick the port into using an authentication provider other than
> the one configured on the port. This becomes an issue if many
> authentication providers are configured and one offers less trust than
> another.
> This was resolved in Qpid Broker-J v6.0.0 and above.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
