CVE-2019-0223 - While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton

CVE-2019-0223

Summary

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.

References

Vulnerable Configurations

cpe:2.3:a:apache:qpid:0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.27.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:qpid:0.27.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_amq_clients_2:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_amq_clients_2:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

CVSS

Base:	5.8 (as of 22-04-2022 - 20:09)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

redhat via4

advisories

rhsa
id RHSA-2019:0886
rhsa
id RHSA-2019:1398
rhsa
id RHSA-2019:1399
rhsa
id RHSA-2019:1400
rhsa
id RHSA-2019:2777
rhsa
id RHSA-2019:2778
rhsa
id RHSA-2019:2779
rhsa
id RHSA-2019:2780
rhsa
id RHSA-2019:2781
rhsa
id RHSA-2019:2782

rpms

ansible-runner-0:1.3.4-2.el8ar
ansible-tower-venv-ansible-0:3.5.2-1.el8at
cfme-0:5.11.0.28-1.el8cf
cfme-amazon-smartstate-0:5.11.0.28-1.el8cf
cfme-appliance-0:5.11.0.28-1.el8cf
cfme-appliance-common-0:5.11.0.28-1.el8cf
cfme-appliance-tools-0:5.11.0.28-1.el8cf
cfme-gemset-0:5.11.0.28-1.el8cf
ovirt-ansible-cluster-upgrade-0:1.1.13-1.el8ev
ovirt-ansible-disaster-recovery-0:1.2.0-1.el8ev
ovirt-ansible-engine-setup-0:1.1.9-1.el8ev
ovirt-ansible-hosted-engine-setup-0:1.0.26-1.el8ev
ovirt-ansible-image-template-0:1.1.11-1.el8ev
ovirt-ansible-infra-0:1.1.12-1.el8ev
ovirt-ansible-manageiq-0:1.1.14-1.el8ev
ovirt-ansible-repositories-0:1.1.5-1.el8ev
ovirt-ansible-roles-0:1.1.7-2.el8ev
ovirt-ansible-shutdown-env-0:1.0.3-1.el8ev
ovirt-ansible-vm-infra-0:1.1.19-1.el8ev
prince-0:12.4-1.el8cf
python-psutil-debugsource-0:5.4.3-5.el8ar
python3-ansible-runner-0:1.3.4-2.el8ar
python3-bambou-0:3.0.1-2.el8cf
python3-colorama-0:0.4.1-1.el8ost
python3-daemon-0:2.1.2-9.el8ar
python3-funcsigs-0:1.0.2-3.el8ost
python3-future-0:0.16.0-1.el8cf
python3-lockfile-1:0.11.0-8.el8ar
python3-mock-0:2.0.0-11.el8ost
python3-ovirt-engine-sdk4-0:4.3.2-1.el8ev
python3-ovirt-engine-sdk4-debuginfo-0:4.3.2-1.el8ev
python3-ovirt-engine-sdk4-debugsource-0:4.3.2-1.el8ev
python3-pbr-0:5.1.2-2.el8ost
python3-pexpect-0:4.6-2.el8ar
python3-psutil-0:5.4.3-5.el8ar
python3-psutil-debuginfo-0:5.4.3-5.el8ar
python3-pylxca-0:2.1.1-2.el8cf
python3-qpid-proton-debuginfo-0:0.28.0-1.el8
python3-requests-toolbelt-0:0.8.0-2.el8cf
python3-tabulate-0:0.8.2-1.el8cf
python3-vspk-0:5.3.2-2.el8cf
qpid-proton-c-0:0.28.0-1.el8
qpid-proton-c-debuginfo-0:0.28.0-1.el8
qpid-proton-c-devel-0:0.28.0-1.el8
qpid-proton-c-docs-0:0.28.0-1.el8
qpid-proton-cpp-debuginfo-0:0.28.0-1.el8
qpid-proton-debuginfo-0:0.28.0-1.el8
qpid-proton-debugsource-0:0.28.0-1.el8
repmgr10-0:4.0.6-3.el8cf
repmgr10-debuginfo-0:4.0.6-3.el8cf
repmgr10-debugsource-0:4.0.6-3.el8cf
rubygem-bcrypt-0:3.1.13-1.el8cf
rubygem-bcrypt-debuginfo-0:3.1.13-1.el8cf
rubygem-bcrypt-debugsource-0:3.1.13-1.el8cf
rubygem-bcrypt-doc-0:3.1.13-1.el8cf
rubygem-byebug-0:11.0.1-1.el8cf
rubygem-byebug-debuginfo-0:11.0.1-1.el8cf
rubygem-byebug-debugsource-0:11.0.1-1.el8cf
rubygem-byebug-doc-0:11.0.1-1.el8cf
rubygem-escape_utils-0:1.2.1-1.el8cf
rubygem-escape_utils-debuginfo-0:1.2.1-1.el8cf
rubygem-escape_utils-debugsource-0:1.2.1-1.el8cf
rubygem-escape_utils-doc-0:1.2.1-1.el8cf
rubygem-ffi-0:1.9.25-1.el8cf
rubygem-ffi-debuginfo-0:1.9.25-1.el8cf
rubygem-ffi-debugsource-0:1.9.25-1.el8cf
rubygem-ffi-doc-0:1.9.25-1.el8cf
rubygem-hamlit-0:2.8.10-1.el8cf
rubygem-hamlit-debuginfo-0:2.8.10-1.el8cf
rubygem-hamlit-debugsource-0:2.8.10-1.el8cf
rubygem-hamlit-doc-0:2.8.10-1.el8cf
rubygem-http_parser.rb-0:0.6.0-1.el8cf
rubygem-http_parser.rb-debuginfo-0:0.6.0-1.el8cf
rubygem-http_parser.rb-debugsource-0:0.6.0-1.el8cf
rubygem-http_parser.rb-doc-0:0.6.0-1.el8cf
rubygem-linux_block_device-0:0.2.1-1.el8cf
rubygem-linux_block_device-debuginfo-0:0.2.1-1.el8cf
rubygem-linux_block_device-debugsource-0:0.2.1-1.el8cf
rubygem-linux_block_device-doc-0:0.2.1-1.el8cf
rubygem-memory_buffer-0:0.1.0-2.el8cf
rubygem-memory_buffer-debuginfo-0:0.1.0-2.el8cf
rubygem-memory_buffer-debugsource-0:0.1.0-2.el8cf
rubygem-memory_buffer-doc-0:0.1.0-2.el8cf
rubygem-nio4r-0:2.4.0-1.el8cf
rubygem-nio4r-debuginfo-0:2.4.0-1.el8cf
rubygem-nio4r-debugsource-0:2.4.0-1.el8cf
rubygem-nio4r-doc-0:2.4.0-1.el8cf
rubygem-nokogiri-0:1.8.5-1.el8cf
rubygem-nokogiri-debuginfo-0:1.8.5-1.el8cf
rubygem-nokogiri-debugsource-0:1.8.5-1.el8cf
rubygem-nokogiri-doc-0:1.8.5-1.el8cf
rubygem-ovirt-engine-sdk4-0:4.3.0-1.el8cf
rubygem-ovirt-engine-sdk4-debuginfo-0:4.3.0-1.el8cf
rubygem-ovirt-engine-sdk4-debugsource-0:4.3.0-1.el8cf
rubygem-ovirt-engine-sdk4-doc-0:4.3.0-1.el8cf
rubygem-puma-0:3.7.1-1.el8cf
rubygem-puma-debuginfo-0:3.7.1-1.el8cf
rubygem-puma-debugsource-0:3.7.1-1.el8cf
rubygem-puma-doc-0:3.7.1-1.el8cf
rubygem-qpid_proton-0:0.26.0-1.el8cf
rubygem-qpid_proton-debuginfo-0:0.26.0-1.el8cf
rubygem-qpid_proton-debugsource-0:0.26.0-1.el8cf
rubygem-qpid_proton-doc-0:0.26.0-1.el8cf
rubygem-rugged-0:0.28.2-1.el8cf
rubygem-rugged-debuginfo-0:0.28.2-1.el8cf
rubygem-rugged-debugsource-0:0.28.2-1.el8cf
rubygem-rugged-doc-0:0.28.2-1.el8cf
rubygem-sassc-0:2.0.1-1.el8cf
rubygem-sassc-debuginfo-0:2.0.1-1.el8cf
rubygem-sassc-debugsource-0:2.0.1-1.el8cf
rubygem-sassc-doc-0:2.0.1-1.el8cf
rubygem-sqlite3-0:1.3.13-2.el8cf
rubygem-sqlite3-debuginfo-0:1.3.13-2.el8cf
rubygem-sqlite3-debugsource-0:1.3.13-2.el8cf
rubygem-sqlite3-doc-0:1.3.13-2.el8cf
rubygem-surro-gate-0:1.0.5-1.el8cf
rubygem-surro-gate-debuginfo-0:1.0.5-1.el8cf
rubygem-surro-gate-debugsource-0:1.0.5-1.el8cf
rubygem-surro-gate-doc-0:1.0.5-1.el8cf
rubygem-unf_ext-0:0.0.7.6-1.el8cf
rubygem-unf_ext-debuginfo-0:0.0.7.6-1.el8cf
rubygem-unf_ext-debugsource-0:0.0.7.6-1.el8cf
rubygem-unf_ext-doc-0:0.0.7.6-1.el8cf
rubygem-websocket-driver-0:0.6.5-1.el8cf
rubygem-websocket-driver-debuginfo-0:0.6.5-1.el8cf
rubygem-websocket-driver-debugsource-0:0.6.5-1.el8cf
rubygem-websocket-driver-doc-0:0.6.5-1.el8cf
smem-0:1.4-1.el8cf
v2v-conversion-host-ansible-0:1.14.2-1.el8ev
wmi-0:1.3.14-8.el8cf
wmi-debuginfo-0:1.3.14-8.el8cf
wmi-debugsource-0:1.3.14-8.el8cf
python-qpid-proton-0:0.27.0-3.el6
python-qpid-proton-0:0.27.0-3.el7
python-qpid-proton-docs-0:0.27.0-3.el6
python-qpid-proton-docs-0:0.27.0-3.el7
qpid-proton-c-0:0.27.0-3.el6
qpid-proton-c-0:0.27.0-3.el7
qpid-proton-c-devel-0:0.27.0-3.el6
qpid-proton-c-devel-0:0.27.0-3.el7
qpid-proton-c-docs-0:0.27.0-3.el6
qpid-proton-c-docs-0:0.27.0-3.el7
qpid-proton-cpp-0:0.27.0-3.el6
qpid-proton-cpp-0:0.27.0-3.el7
qpid-proton-cpp-devel-0:0.27.0-3.el6
qpid-proton-cpp-devel-0:0.27.0-3.el7
qpid-proton-cpp-docs-0:0.27.0-3.el6
qpid-proton-cpp-docs-0:0.27.0-3.el7
qpid-proton-debuginfo-0:0.27.0-3.el6
qpid-proton-debuginfo-0:0.27.0-3.el7
qpid-proton-tests-0:0.27.0-3.el6
qpid-proton-tests-0:0.27.0-3.el7
qpid-proton-c-0:0.27.0-3.el7
qpid-proton-debuginfo-0:0.27.0-3.el7
python-qpid-proton-0:0.27.0-3.el7
qpid-proton-c-0:0.27.0-3.el7
qpid-proton-debuginfo-0:0.27.0-3.el7
jsoncpp-0:1.7.7-1.el7
jsoncpp-debuginfo-0:1.7.7-1.el7
python-qpid-proton-0:0.27.0-3.el7
qpid-proton-c-0:0.27.0-3.el7
qpid-proton-cpp-0:0.27.0-3.el7
qpid-proton-debuginfo-0:0.27.0-3.el7
python-qpid-proton-0:0.28.0-1.el7
qpid-proton-c-0:0.28.0-1.el7
qpid-proton-debuginfo-0:0.28.0-1.el7
python-qpid-proton-0:0.16.0-14.el7sat
qpid-proton-c-0:0.16.0-14.el7sat
qpid-proton-debuginfo-0:0.16.0-14.el7sat
python-qpid-proton-0:0.16.0-14.el7sat
qpid-proton-c-0:0.16.0-14.el7sat
qpid-proton-debuginfo-0:0.16.0-14.el7sat
python-qpid-proton-0:0.16.0-14.el6sat
python-qpid-proton-0:0.28.0-1.el7
python-qpid-proton-0:0.9-22.el5
python3-qpid-proton-0:0.28.0-1.el8
python3-qpid-proton-debuginfo-0:0.28.0-1.el8
qpid-proton-c-0:0.16.0-14.el6sat
qpid-proton-c-0:0.28.0-1.el7
qpid-proton-c-0:0.28.0-1.el8
qpid-proton-c-0:0.9-22.el5
qpid-proton-c-debuginfo-0:0.28.0-1.el8
qpid-proton-cpp-debuginfo-0:0.28.0-1.el8
qpid-proton-debuginfo-0:0.16.0-14.el6sat
qpid-proton-debuginfo-0:0.28.0-1.el7
qpid-proton-debuginfo-0:0.28.0-1.el8
qpid-proton-debuginfo-0:0.9-22.el5
qpid-proton-debugsource-0:0.28.0-1.el8
python-qpid-proton-0:0.16.0-14.el6sat
python-qpid-proton-0:0.16.0-14.el7sat
python-qpid-proton-0:0.9-22.el5
qpid-proton-c-0:0.16.0-14.el6sat
qpid-proton-c-0:0.16.0-14.el7sat
qpid-proton-c-0:0.9-22.el5
qpid-proton-debuginfo-0:0.16.0-14.el6sat
qpid-proton-debuginfo-0:0.16.0-14.el7sat
qpid-proton-debuginfo-0:0.9-22.el5
python-qpid-proton-0:0.16.0-14.el6sat
python-qpid-proton-0:0.16.0-14.el7sat
python-qpid-proton-0:0.9-22.el5
qpid-proton-c-0:0.16.0-14.el6sat
qpid-proton-c-0:0.16.0-14.el7sat
qpid-proton-c-0:0.9-22.el5
qpid-proton-debuginfo-0:0.16.0-14.el6sat
qpid-proton-debuginfo-0:0.16.0-14.el7sat
qpid-proton-debuginfo-0:0.9-22.el5

refmap via4

bid	108044
misc	https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel
mlist	[SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability [announce] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability [oss-security] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability [qpid-dev] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability [qpid-dev] 20190423 [jira] [Updated] (PROTON-2014) [CVE-2019-0223] TLS Man in the Middle Vulnerability qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223

Last major update

22-04-2022 - 20:09

Published

23-04-2019 - 16:29

Last modified

22-04-2022 - 20:09