Plataforma
java
Componente
org.apache.qpid:qpid-broker
Corrigido em
6.0.0
CVE-2017-15702 describes an authentication port spoofing vulnerability affecting Apache Qpid Broker-J versions 0.18 through 0.32. This flaw allows a remote, unauthenticated attacker to manipulate the broker's authentication process by exploiting misconfigured ports. Successful exploitation could lead to unauthorized access to the broker, potentially compromising sensitive data and system resources. Affected versions include those prior to 6.0.0, with a fix available in version 6.0.0.
The core of this vulnerability lies in the broker's configuration when multiple authentication providers are used on different ports, including an HTTP port. An attacker can connect to the HTTP port and, through crafted requests, induce the broker to use an authentication provider configured on a different port. While the attacker still requires valid credentials for the spoofed authentication provider, the ability to bypass intended security measures is significant. This is particularly concerning if the spoofed port has weaker authentication controls, such as anonymous access or default credentials. The potential impact includes unauthorized access to message queues, data breaches, and potentially, lateral movement within the network if the broker is integrated with other systems. The attack pattern shares similarities with other authentication bypass vulnerabilities where misconfigurations enable unauthorized access.
CVE-2017-15702 was publicly disclosed on October 19, 2018. While no active exploitation campaigns have been definitively linked to this CVE, the CRITICAL severity and the relatively straightforward nature of the exploit make it a potential target. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are available, increasing the risk of opportunistic exploitation.
Organizations utilizing Apache Qpid Broker-J in environments with multiple authentication providers configured across different ports are at significant risk. This includes deployments where HTTP ports are used for authentication or where default authentication configurations are in place. Shared hosting environments using Qpid Broker-J are also particularly vulnerable due to the potential for misconfigurations.
• java / server:
ps aux | grep qpid-broker• java / server:
journalctl -u qpid-broker -f | grep "Authentication provider"• generic web:
curl -I http://<qpid-broker-ip>:<port>/ | grep Authenticationdisclosure
Status do Exploit
EPSS
3.09% (percentil 87%)
Vetor CVSS
The primary mitigation for CVE-2017-15702 is to upgrade to Apache Qpid Broker-J version 6.0.0 or later, which includes the fix. If immediate upgrading is not feasible, carefully review and reconfigure the broker's authentication provider setup. Ensure that authentication providers are not configured on ports that are easily accessible or have weak security controls. Specifically, avoid using HTTP ports for authentication when stronger authentication mechanisms are available. Implement strict network segmentation to limit access to the broker. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests targeting the authentication endpoints. Monitor broker logs for suspicious authentication attempts.
Nenhum patch oficial disponível. Procure alternativas ou monitore atualizações.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2017-15702 is a critical vulnerability in Apache Qpid Broker-J versions 0.18 through 0.32 that allows an attacker to spoof authentication ports, potentially gaining unauthorized access.
If you are running Apache Qpid Broker-J versions 0.18 through 0.32, you are potentially affected by this vulnerability. Upgrade to version 6.0.0 or later to mitigate the risk.
The recommended fix is to upgrade to Apache Qpid Broker-J version 6.0.0 or later. If upgrading is not immediately possible, review and reconfigure your authentication provider setup.
While no confirmed active exploitation campaigns have been publicly reported, the vulnerability's critical severity and available proof-of-concept exploits suggest a potential risk of exploitation.
Refer to the Apache Qpid security advisory for detailed information and updates: https://qpid.apache.org/security/advisories/CVE-2017-15702
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Envie seu arquivo pom.xml e descubra na hora se você está afetado.