cvedb.io
CVE-2016-2166
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2016-04-12T14:59:11.183 · Last modified 2026-06-17T00:43:34.187

Summary

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain sensitive information or modify data via unspecified vectors.

Affected products

apache — qpid_proton

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.