Activemq Security Vulnerabilities and Issues — Activemq CVE List

Lucene search

ApacheActivemq

9 matches found

CVE•added 2012/11/04 10:55 p.m.•211 views

CVE-2012-5784

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or su...

5.8CVSS6.2AI score0.0113EPSS

CVE•added 2015/08/19 3:59 p.m.•188 views

CVE-2015-1830

Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.

5CVSS9.1AI score0.88003EPSS

CVE•added 2019/05/23 2:29 p.m.•188 views

CVE-2019-0201

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider ...

5.9CVSS5.8AI score0.00237EPSS

CVE•added 2020/09/10 7:15 p.m.•139 views

CVE-2020-13920

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to pr...

5.9CVSS5.8AI score0.00207EPSS

CVE•added 2015/08/24 2:59 p.m.•109 views

CVE-2015-6524

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-361...

5CVSS9AI score0.00896EPSS

CVE•added 2012/01/05 4:55 p.m.•99 views

CVE-2011-4905

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

5CVSS8.1AI score0.07735EPSS

CVE•added 2016/08/05 3:59 p.m.•81 views

CVE-2016-0782

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...

5.4CVSS5.1AI score0.01571EPSS

CVE•added 2010/04/28 10:30 p.m.•76 views

CVE-2010-1587

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.

5CVSS6.8AI score0.70253EPSS

CVE•added 2013/04/21 9:55 p.m.•75 views

CVE-2012-6551

The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.

5CVSS8.8AI score0.04105EPSS