CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
75.5%
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | activemq | * | cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* |
apache | activemq | 4.0 | cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:* |
apache | activemq | 4.0 | cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:* |
apache | activemq | 4.0 | cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:* |
apache | activemq | 4.0.1 | cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:* |
apache | activemq | 4.0.2 | cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:* |
apache | activemq | 4.1.0 | cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:* |
apache | activemq | 4.1.1 | cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:* |
apache | activemq | 5.0.0 | cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:* |
apache | activemq | 5.1.0 | cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:* |
activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tc4658044.html
activemq.apache.org/activemq-580-release.html
rhn.redhat.com/errata/RHSA-2013-1029.html
rhn.redhat.com/errata/RHSA-2013-1221.html
www.securityfocus.com/bid/59402
fisheye6.atlassian.com/changelog/activemq?cs=1404998
issues.apache.org/jira/browse/AMQ-4124
issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282