CVE-2016-4467
Published: May 2, 2017
Modified: Aug 6, 2024
PUBLISHED
Description
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
91788 (vdb-entry, x_refsource_BID)
1036316 (vdb-entry, x_refsource_SECTRACK)
[qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223 (mailing-list, x_refsource_MLIST)