CVE-2017-15702

In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/102040	Third Party Advisory VDB Entry
https://issues.apache.org/jira/browse/QPID-8039	Vendor Advisory
https://lists.apache.org/thread.html/59d241e30db23b8b0af26bb273f789aa1f08515d3dc1a3868d3ba090%40%3Cdev.qpid.apache.org%3E
https://qpid.apache.org/cves/CVE-2017-15702.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:*

History

22 May 2023, 15:46

Type	Values Removed	Values Added
CPE	cpe:2.3:a:apache:qpid_java::::::::	cpe:2.3:a:apache:qpid_broker-j::::::::

Information

Published : 2017-12-01 15:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-15702

Mitre link : CVE-2017-15702

CVE.ORG link : CVE-2017-15702

JSON object : View

Products Affected

apache

qpid_broker-j

CWE

NVD-CWE-noinfo

{"id": "CVE-2017-15702", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-12-01T15:29:00.260", "references": [{"url": "http://www.securityfocus.com/bid/102040", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://issues.apache.org/jira/browse/QPID-8039", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/59d241e30db23b8b0af26bb273f789aa1f08515d3dc1a3868d3ba090%40%3Cdev.qpid.apache.org%3E", "source": "security@apache.org"}, {"url": "https://qpid.apache.org/cves/CVE-2017-15702.html", "tags": ["Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected."}, {"lang": "es", "value": "En las versiones 0.18 a 0.32 de Broker-J de Apache Qpid, si el broker est\u00e1 configurado con diferentes proveedores de autenticaci\u00f3n en diferentes puertos (uno de ellos es un puerto HTTP), un atacante remoto no autenticado puede enga\u00f1ar al broker conect\u00e1ndose al puerto HTTP para que utilice un proveedor de autenticaci\u00f3n que se configur\u00f3 en un puerto diferente. El atacante a\u00fan necesitar\u00eda credenciales v\u00e1lidas con el proveedor de autenticaci\u00f3n en el puerto suplantado. Esto es un problema cuando el puerto suplantado tiene una protecci\u00f3n de autenticaci\u00f3n m\u00e1s d\u00e9bil (por ejemplo, acceso an\u00f3nimo, cuentas por defecto, etc.) y normalmente se protege con reglas de firewall o similares que pueden ser omitidos con esta vulnerabilidad. Los puertos AMQP no se ven afectados. Las versiones 6.0.0 y posteriores no se ven afectadas."}], "lastModified": "2023-11-07T02:40:21.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:qpid_broker-j:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78C295BD-3BF5-44E3-B0A6-14A060C1042D", "versionEndIncluding": "0.32", "versionStartIncluding": "0.18"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}