CVE-2016-2166
medium
CVSS v3
6.5
CVSS v2
5.8
VIR risk
6.5
Description
Moderate severity vulnerability that affects org.apache.qpid:proton-j
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-2166
Vendor advisory: secalert@redhat.com — http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| fedora | 23 | affected | |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 0 |
| debian | sid | fixed | 0 |
| debian | trixie | fixed | 0 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.qpid:proton-j | <0.12.1 | 0.12.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | qpid_proton | {"endIncluding":"0.12.0"} | |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html
- http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html
- http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html
- http://www.securityfocus.com/archive/1/537864/100/0/threaded
- https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585
- https://issues.apache.org/jira/browse/PROTON-1157
- https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2016-2166
- https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585
- https://github.com/advisories/GHSA-f5cf-f7px-xpmh
- https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E
- https://security-tracker.debian.org/tracker/CVE-2016-2166
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.