Vulnerabilities > CVE-2012-6551 - Resource Management Errors vulnerability in Apache Activemq
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Redhat
| advisories |
|
Seebug
| bulletinFamily | exploit |
| description | CVE ID:CVE-2012-6551 Apache ActiveMQ是一款开源消息总线,支持JMS1.1和J2EE 1.4规范的JMS Provider实现。 默认配置下Apache ActiveMQ启用一个简单的WEB应用,允许远程攻击者利用漏洞提交HTTP请求消耗broker资源而造成拒绝服务攻击。 0 Apache ActiveMQ 5.8.0之前版本 厂商解决方案 Apache ActiveMQ 5.8.0已经修复此漏洞,建议用户下载更新: https://activemq.apache.org/ |
| id | SSV:60762 |
| last seen | 2017-11-19 |
| modified | 2013-04-24 |
| published | 2013-04-24 |
| reporter | Root |
| title | Apache ActiveMQ CVE-2012-6551远程拒绝服务漏洞 |
References
- http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tc4658044.html
- http://activemq.apache.org/activemq-580-release.html
- http://rhn.redhat.com/errata/RHSA-2013-1029.html
- http://www.securityfocus.com/bid/59401
- https://fisheye6.atlassian.com/changelog/activemq?cs=1404998
- https://issues.apache.org/jira/browse/AMQ-4124
- https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282