CVE-2013-3060Improper Authentication in Apache Activemq

CWE-287Improper AuthenticationCWE-306Missing Authentication for Critical Function7 documents7 sources
Severity
6.4MEDIUMNVD
EPSS
1.0%
top 22.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Activemq
Timeline
PublishedApr 21
Latest updateMay 17

Description

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDapache/activemq5.7.0+17

🔴Vulnerability Details

3
GHSA
Improper Authentication in Apache ActiveMQ2022-05-17
OSV
Improper Authentication in Apache ActiveMQ2022-05-17
CVEList
CVE-2013-3060: The web console in Apache ActiveMQ before 52013-04-21

📋Vendor Advisories

2
Debian
CVE-2013-3060: activemq - The web console in Apache ActiveMQ before 5.8.0 does not require authentication,...2013
Red Hat
activemq: Unauthenticated access to web console2012-11-02

💬Community

1
Bugzilla
CVE-2013-3060 activemq: Unauthenticated access to web console2013-04-24
CVE-2013-3060 — Improper Authentication in Apache | cvebase