CVE-2012-6551

CWE-399 CWE-400 — Uncontrolled Resource Consumption CWE-79 — Cross-site Scripting (XSS)10 documents7 sources

Severity

5.0MEDIUM

EPSS

8.4%

top 7.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq

Timeline

PublishedApr 21

Latest updateMay 17

Description

The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Mavenorg.apache.activemq:apache-activemq< 5.8.0

▶Mavenorg.apache.activemq:activemq-web-demo< 5.8.0

▶NVDapache/activemq5.7.0+17

🔴Vulnerability Details

GHSA

Apache ActiveMQ default configuration subject to denial of service↗2022-05-17

▶

OSV

Apache ActiveMQ default configuration subject to denial of service↗2022-05-17

▶

GHSA

Cross-site Scripting in Apache ActiveMQ↗2022-05-17

▶

CVEList

CVE-2012-6551: The default configuration of Apache ActiveMQ before 5↗2013-04-21

▶

📋Vendor Advisories

Red Hat

activemq: DoS by resource consumption via HTTP requests to sample webapp↗2012-11-02

▶

Red Hat

activemq: Multiple XSS flaws in web demos↗2012-10-18

▶

Debian

CVE-2012-6551: activemq - The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web a...↗2012

▶

💬Community

Bugzilla

CVE-2012-6551 activemq: DoS by resource consumption via HTTP requests to sample webapp↗2013-04-24

▶

Bugzilla

CVE-2012-6092 activemq: Multiple XSS flaws in web demos↗2013-04-24

▶