PT-2016-5366 · Apache · Apache Qpid Java

Published 2016-06-01 · Updated 2023-05-22 · CVE-2016-3094

CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Apache Qpid Java versions prior to 6.0.3

Description: A remote attacker can cause a denial of service (termination of the broker) via a crafted authentication attempt. The condition arises when the broker is configured to allow plaintext passwords and the crafted attempt triggers an uncaught exception.

Recommendations: For versions prior to 6.0.3, update to version 6.0.3 or later to resolve the issue. As a temporary workaround, disable plaintext password support until the update can be applied. Restrict access to the authentication mechanism to minimize the risk of exploitation.

Fix

RCE

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2016-3094
GHSA-JJ9H-MWHQ-8VHM

Affected Products

Apache Qpid Java