CVE-2016-2166
medium
CVSS v3
6.5
CVSS v4 NEW
โ
VIR risk
6.5
Description
Moderate severity vulnerability that affects org.apache.qpid:proton-j
Predictions
Exploit likelihood
75%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Fedora Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| 23 | Affected | โ |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 0 |
| sid | Fixed | 0 |
| forky | Fixed | 0 |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 0 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.qpid:proton-j | <0.12.1 | 0.12.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | qpid_proton | {"endIncluding":"0.12.0"} | |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182414.html
- http://packetstormsecurity.com/files/136403/Apache-Qpid-Proton-0.12.0-SSL-Failure.html
- http://qpid.apache.org/releases/qpid-proton-0.12.1/release-notes.html
- http://www.securityfocus.com/archive/1/537864/100/0/threaded
- https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git%3Bh=a058585
- https://issues.apache.org/jira/browse/PROTON-1157
- https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d%40%3Ccommits.qpid.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2016-2166
- https://git-wip-us.apache.org/repos/asf?p=qpid-proton.git;h=a058585
- https://github.com/advisories/GHSA-f5cf-f7px-xpmh
- https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E
- https://security-tracker.debian.org/tracker/CVE-2016-2166
CWEs
CWE-200
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.