UBUNTU-CVE-2016-2166

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2016-2166
Published: 12 Apr 2016, 14:59
Last modified:22 Apr 2026, 10:36

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
3.0 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

12 Apr 2016, 14:59
Published
Vulnerability first disclosed
22 Apr 2026, 10:36
Last Modified
Vulnerability information updated

Description

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

CVSS Metrics

  • v3.0MEDIUMScore: 6.5CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Systems

  • ubuntuqpid-proton

    all

References (4)