CVE-2011-4905

CWE-3998 documents7 sources

Severity

5.0MEDIUM

EPSS

12.5%

top 6.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq

Timeline

PublishedJan 5

Latest updateMay 17

Description

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Mavenorg.apache.activemq:activemq-core< 5.6.0

▶NVDapache/activemq5.5.1+29

▶Debianactivemq< 5.5.0+dfsg-5+2

🔴Vulnerability Details

GHSA

Denial of Service in Apache ActiveMQ↗2022-05-17

▶

OSV

Denial of Service in Apache ActiveMQ↗2022-05-17

▶

OSV

CVE-2011-4905: Apache ActiveMQ before 5↗2012-01-05

▶

CVEList

CVE-2011-4905: Apache ActiveMQ before 5↗2012-01-05

▶

📋Vendor Advisories

Red Hat

ActiveMQ: flaw within failover mechanism when handling openwire requests can lead to DoS↗2011-04-22

▶

Debian

CVE-2011-4905: activemq - Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of servic...↗2011

▶

💬Community

Bugzilla

CVE-2011-4905 ActiveMQ: flaw within failover mechanism when handling openwire requests can lead to DoS↗2011-12-22

▶