Vulnerabilities > Apache > Qpid Proton > 0.13.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-02 | CVE-2016-4467 | Improper Certificate Validation vulnerability in Apache Qpid Proton The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | 5.9 |