Port Information
Protocol | Service | Name
tcp | amqp | AMQP
udp | amqp | AMQP
Top IPs Scanning
User Comments
Submitted By Date
Comment
Dr. J. 2021-12-02 13:17:03
AMQP Advanced Message Queueing Protocol. Multiple Vulnerabilities https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=amqp
CVE Links
CVE # Description
CVE-2009-5005 The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
CVE-2012-3467 Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
CVE-2012-4446 The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
CVE-2012-4458 The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
CVE-2014-2814
CVE-2014-8711
CVE-2015-0203
CVE-2015-0862
CVE-2015-5240 A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking (neutron). An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking deployments that used either the ML2 plug-in or a plug-in that relied on the security groups AMQP API were affected.
CVE-2016-2173
CVE-2016-4432 The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.
CVE-2016-4974
CVE-2017-8045
CVE-2017-11408
CVE-2017-15699 A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down.
CVE-2017-15701
CVE-2017-15702
CVE-2018-1298
CVE-2018-8030
CVE-2018-8119
CVE-2018-11050
CVE-2018-11087
CVE-2019-0200
CVE-2019-4227 IBM MQ 8.0.0.4 - 8.0.0.12, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.0 - 9.1.2 AMQP Listeners could allow an unauthorized user to conduct a session fixation attack due to clients not being disconnected as they should. IBM X-Force ID: 159352.
CVE-2019-18609
CVE-2020-4320
CVE-2020-4931
CVE-2020-27217
CVE-2020-27220
CVE-2021-22095 In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString() method, will create a new String object from the message body, regardless of its size. This can cause an OOM Error with a large message.
CVE-2021-22097
CVE-2021-22116 RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.