CVE-2015-0223

Impact:
Moderate
Public Date:
2015-01-27
Bugzilla:
1186308: CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be prevented
It was discovered that the Qpid daemon (qpidd) did not restrict access to anonymous users when the ANONYMOUS mechanism was disallowed.

Find out more about CVE-2015-0223 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 5.8
Base Metrics AV:A/AC:L/Au:N/C:P/I:P/A:P
Access Vector Adjacent Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat MRG Messaging v.3 for RHEL-7 (qpid-cpp) RHSA-2015:0708 2015-03-19
Red Hat Satellite 6.1 - Optional RHBA-2016:1500 2016-07-27
Red Hat Satellite 6.2 RHBA-2016:1500 2016-07-27
Red Hat MRG Messaging v.2 for RHEL-7 (qpid-cpp) RHSA-2015:0660 2015-03-09
Red Hat MRG Grid Execute Node for RHEL 6 ComputeNode v.2 (qpid-cpp) RHSA-2015:0661 2015-03-09
Red Hat MRG Grid for RHEL 6 Server v.2 (qpid-cpp) RHSA-2015:0661 2015-03-09
Red Hat Satellite Capsule 6.2 RHBA-2016:1500 2016-07-27
MRG Grid for RHEL 5 Server v.2 (qpid-cpp-mrg) RHSA-2015:0662 2015-03-09
Red Hat MRG Messaging for RHEL 6 Server v.3 (qpid-cpp) RHSA-2015:0707 2015-03-19
Red Hat Satellite Capsule 6.1 RHBA-2016:1500 2016-07-27

Affected Packages State

Platform Package State
Red Hat Satellite 6 qpid-cpp Will not fix
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) qpid-cpp Will not fix
Red Hat Enterprise Linux 6 qpid-cpp Will not fix

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.