Platform: java
Component: org.apache.qpid:qpid-broker
Fixed in: 6.0.0
CVE-2017-15702 describes an authentication port spoofing vulnerability affecting Apache Qpid Broker-J versions 0.18 through 0.32. This flaw allows a remote, unauthenticated attacker to manipulate the broker's authentication process by exploiting misconfigured ports. Successful exploitation could lead to unauthorized access to the broker, potentially compromising sensitive data and system resources. Affected versions include those prior to 6.0.0, with a fix available in version 6.0.0.
The core of this vulnerability lies in the broker's configuration when multiple authentication providers are used on different ports, including an HTTP port. An attacker can connect to the HTTP port and, through crafted requests, induce the broker to use an authentication provider configured on a different port. While the attacker still requires valid credentials for the spoofed authentication provider, the ability to bypass intended security measures is significant. This is particularly concerning if the spoofed port has weaker authentication controls, such as anonymous access or default credentials. The potential impact includes unauthorized access to message queues, data breaches, and, potentially, lateral movement within the network if the broker is integrated with other systems. The attack pattern is similar to other authentication bypass vulnerabilities in which misconfigurations enable unauthorized access.
CVE-2017-15702 was publicly disclosed on October 19, 2018. While no active exploitation campaigns have been definitively linked to this CVE, the CRITICAL severity and the relatively straightforward nature of the exploit make it a potential target. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are available, increasing the risk of opportunistic exploitation.
Exploit Status
EPSS: 3.09% (87th percentile)
The primary mitigation for CVE-2017-15702 is to upgrade to Apache Qpid Broker-J version 6.0.0 or later, which includes the fix. If immediate upgrading is not feasible, carefully review and reconfigure the broker's authentication provider setup. Ensure that authentication providers are not configured on ports that are easily accessible or have weak security controls. Specifically, avoid using HTTP ports for authentication when stronger authentication mechanisms are available. Implement strict network segmentation to limit access to the broker. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests targeting the authentication endpoints. Monitor broker logs for suspicious authentication attempts.
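To support the configuration review recommended above, the following added example (not part of the original advisory or the Qpid project's code) audits a broker configuration for the precondition described earlier: an HTTP port alongside ports that use a different authentication provider. It assumes a JSON configuration with top-level `ports` and `authenticationproviders` arrays; the field names, the sample values and the `audit` helper are assumptions for illustration.

```python
import json

# Constructed sample configuration (not from a real deployment). The layout,
# top-level "ports" and "authenticationproviders" arrays, is an assumption.
SAMPLE_CONFIG = """
{
  "authenticationproviders": [
    {"name": "passwords", "type": "PlainPasswordFile"},
    {"name": "anon", "type": "Anonymous"}
  ],
  "ports": [
    {"name": "HTTP", "port": 8080, "protocols": ["HTTP"],
     "authenticationProvider": "passwords"},
    {"name": "AMQP", "port": 5672, "protocols": ["AMQP_0_10"],
     "authenticationProvider": "anon"}
  ]
}
"""

WEAK_TYPES = {"Anonymous"}  # provider types this audit treats as weak


def audit(config_text):
    """Flag providers on other ports that differ from an HTTP port's provider."""
    cfg = json.loads(config_text)
    types = {p["name"]: p.get("type")
             for p in cfg.get("authenticationproviders", [])}
    ports = cfg.get("ports", [])
    http_ports = [p for p in ports if "HTTP" in p.get("protocols", [])]
    used = {p.get("authenticationProvider") for p in ports} - {None}
    if not http_ports or len(used) < 2:
        return []  # no HTTP port, or only one provider in use: nothing to flag
    findings = []
    for hp in http_ports:
        own = hp.get("authenticationProvider")
        for other in ports:
            prov = other.get("authenticationProvider")
            if prov in (None, own):
                continue  # same provider as the HTTP port, or none configured
            sev = "high" if types.get(prov) in WEAK_TYPES else "review"
            findings.append({"http_port": hp["name"], "http_provider": own,
                             "other_port": other["name"], "other_provider": prov,
                             "severity": sev})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

A `high` finding means a weaker provider (here, anonymous access) is configured on another port of a broker that also exposes an HTTP port; on affected versions that combination is the one to remove or upgrade first.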
CVE-2017-15702 is a critical vulnerability in Apache Qpid Broker-J versions 0.18 through 0.32 that allows an attacker to spoof authentication ports, potentially gaining unauthorized access.
If you are running Apache Qpid Broker-J versions 0.18 through 0.32, you are potentially affected by this vulnerability. Upgrade to version 6.0.0 or later to mitigate the risk.
The recommended fix is to upgrade to Apache Qpid Broker-J version 6.0.0 or later. If upgrading is not immediately possible, review and reconfigure your authentication provider setup.
While no confirmed active exploitation campaigns have been publicly reported, the vulnerability's critical severity and available proof-of-concept exploits suggest a potential risk of exploitation.
Refer to the Apache Qpid security advisory for detailed information and updates: https://qpid.apache.org/security/advisories/CVE-2017-15702