3 matches found
CVE-2025-27533
CVE-2025-27533 in Apache ActiveMQ stems from unchecked buffer length during OpenWire unmarshalling, allowing excessive memory allocation and DoS. Affected versions include 6.0.0–6.1.5, 5.18.0–5.18.6, 5.17.0–5.17.6, 5.16.0–5.16.7; 5.19.0 is not affected. If not using mutual TLS, brokers may be vul...
CVE-2023-46604
CVE-2023-46604 – Apache ActiveMQ OpenWire deserialization RCE has concrete details in connected sources: the Java OpenWire protocol marshaller is vulnerable to remote code execution. A remote attacker with network access to a Java-based OpenWire broker or client can execute arbitrary shell comman...
CVE-2022-41678
CVE-2022-41678 : In Apache ActiveMQ, after authentication, an attacker can trigger remote code execution via Jolokia/JMX vectors (e.g., /api/jolokia) leading to arbitrary code with webshell write via Log4j/JFR paths. The root cause is an unsafe deserialization path that can be reached through Jol...