Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Qpid Python客户端SSL证书验证信息泄露漏洞
Vulnerability Description
Apache Qpid是美国阿帕奇(Apache)软件基金会开发的一款面向对象的消息中间件,它是一个AMQP(高级消息队列协议)的实现,可以和符合AMQP协议的系统进行通信,并提供了C++、Python、Java、C#等编程语言的客户端库。Qpid AMQP 0-x JMS client和Qpid JMS client都是其中的客户端组件。 Apache Qpid 2.2之前版本中的Python客户端中存在安全漏洞,该漏洞源于程序没有验证远程服务器的SSL证书。攻击者可借助任意有效的证书利用该漏洞实施中间
CVSS Information
N/A
Vulnerability Type
N/A