Activemq@5.0.0 Security Vulnerabilities and Issues — Activemq@5.0.0 CVE List

Lucene search

ApacheActivemq5.0.0

16 matches found

CVE•added 2015/08/19 3:59 p.m.•188 views

CVE-2015-1830

Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.

5CVSS9.1AI score0.88003EPSS

CVE•added 2016/01/08 7:59 p.m.•159 views

CVE-2015-5254

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

9.8CVSS8.7AI score0.77148EPSS

CVE•added 2015/08/24 2:59 p.m.•121 views

CVE-2014-3612

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier...

7.5CVSS9.7AI score0.00896EPSS

CVE•added 2017/10/27 7:29 p.m.•119 views

CVE-2014-3600

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

9.8CVSS9.3AI score0.00391EPSS

CVE•added 2015/08/24 2:59 p.m.•109 views

CVE-2015-6524

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-361...

5CVSS9AI score0.00896EPSS

CVE•added 2013/07/20 3:37 a.m.•101 views

CVE-2013-1879

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."

4.3CVSS7.4AI score0.04259EPSS

CVE•added 2012/01/05 4:55 p.m.•99 views

CVE-2011-4905

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

5CVSS8.1AI score0.07735EPSS

CVE•added 2016/04/07 7:59 p.m.•81 views

CVE-2016-0734

The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

6.1CVSS6.1AI score0.04501EPSS

CVE•added 2010/04/28 10:30 p.m.•76 views

CVE-2010-1587

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.

5CVSS6.8AI score0.70253EPSS

CVE•added 2013/04/21 9:55 p.m.•76 views

CVE-2012-6092

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving...

4.3CVSS7.8AI score0.04105EPSS

CVE•added 2013/04/21 9:55 p.m.•75 views

CVE-2012-6551

The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.

5CVSS8.8AI score0.04105EPSS

CVE•added 2015/02/12 4:59 p.m.•71 views

CVE-2014-8110

Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS8AI score0.03908EPSS

CVE•added 2013/04/21 9:55 p.m.•68 views

CVE-2013-3060

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.

6.4CVSS8.9AI score0.01019EPSS

CVE•added 2010/04/05 4:30 p.m.•63 views

CVE-2010-0684

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.

3.5CVSS7.1AI score0.00286EPSS

CVE•added 2014/02/05 6:55 p.m.•62 views

CVE-2013-1880

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

4.3CVSS7.5AI score0.01945EPSS

CVE•added 2010/04/05 4:30 p.m.•57 views

CVE-2010-1244

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

6.8CVSS7.2AI score0.00437EPSS