CVE-2016-2166 in Qpid Protoninfo

Summary

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

01/29/2016

Disclosure

04/12/2016

Moderation

VulDB entry created

Entries

VDB-82259 (1)

CPE

ready

CWE

CWE-200 (Confirmed)

CVSS

6.5

EPSS

0.00271

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-2166
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-2166
CVE Details	https://www.cvedetails.com/cve/CVE-2016-2166/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!