Lucene search

UbuntuUSN-6910-1

HistoryJul 23, 2024 - 12:00 a.m.

Apache ActiveMQ vulnerabilities

2024-07-2300:00:00

ubuntu.com

apache activemq

ubuntu

denial of service

person-in-the-middle attack

authentication

ldap authentication

arbitrary code

deserialization

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.969

Percentile

99.7%

JSON

Releases

Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM

Packages

activemq - Java message broker - server

Details

Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain
commands. A remote attacker could possibly use this issue to terminate
the program, resulting in a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2015-7559)

Peter Stöckli discovered that Apache ActiveMQ incorrectly handled
hostname verification. A remote attacker could possibly use this issue
to perform a person-in-the-middle attack. This issue only affected Ubuntu
16.04 LTS. (CVE-2018-11775)

Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache
ActiveMQ incorrectly handled authentication in certain functions.
A remote attacker could possibly use this issue to perform a
person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13920)

Gregor Tudan discovered that Apache ActiveMQ incorrectly handled
LDAP authentication. A remote attacker could possibly use this issue
to acquire unauthenticated access. This issue only affected Ubuntu 16.04
LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26117)

It was discovered that Apache ActiveMQ incorrectly handled
authentication. A remote attacker could possibly use this issue to run
arbitrary code. (CVE-2022-41678)

It was discovered that Apache ActiveMQ incorrectly handled
deserialization. A remote attacker could possibly use this issue to run
arbitrary shell commands. (CVE-2023-46604)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchactivemq< 5.16.1-1ubuntu0.1~esm1UNKNOWN
Ubuntu22.04noarchactivemq< 5.16.1-1UNKNOWN
Ubuntu22.04noarchlibactivemq-java< 5.16.1-1UNKNOWN
Ubuntu22.04noarchlibactivemq-java< 5.16.1-1ubuntu0.1~esm1UNKNOWN
Ubuntu20.04noarchactivemq< 5.15.11-1ubuntu0.1~esm1UNKNOWN
Ubuntu20.04noarchactivemq< 5.15.11-1UNKNOWN
Ubuntu20.04noarchlibactivemq-java< 5.15.11-1UNKNOWN
Ubuntu20.04noarchlibactivemq-java< 5.15.11-1ubuntu0.1~esm1UNKNOWN
Ubuntu18.04noarchactivemq< 5.15.8-2~18.04.1~esm1UNKNOWN
Ubuntu18.04noarchactivemq< 5.15.8-2~18.04UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	22.04	noarch	activemq	< 5.16.1-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	22.04	noarch	activemq	< 5.16.1-1	UNKNOWN
Ubuntu	22.04	noarch	libactivemq-java	< 5.16.1-1	UNKNOWN
Ubuntu	22.04	noarch	libactivemq-java	< 5.16.1-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	20.04	noarch	activemq	< 5.15.11-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	20.04	noarch	activemq	< 5.15.11-1	UNKNOWN
Ubuntu	20.04	noarch	libactivemq-java	< 5.15.11-1	UNKNOWN
Ubuntu	20.04	noarch	libactivemq-java	< 5.15.11-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	18.04	noarch	activemq	< 5.15.8-2~18.04.1~esm1	UNKNOWN
Ubuntu	18.04	noarch	activemq	< 5.15.8-2~18.04	UNKNOWN