Apache ActiveMQ vulnerabilities

51 known vulnerabilities affecting apache/activemq.

Total CVEs: 51
CISA KEV: 2 (actively exploited)
Public exploits: 11
Exploited in wild: 2
Severity breakdown: CRITICAL 13, HIGH 13, MEDIUM 22, LOW 3

Vulnerabilities

Page 2 of 3
CVE-2020-13920 | MEDIUM | CVSS 5.9 | fixed in 5.15.12 | 2020-09-10
CWE-306: Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively bec
Source: nvd
CVE-2020-1941 | MEDIUM | CVSS 6.1 | ≥ 5.0.0, ≤ 5.15.11 | 2020-05-14
CWE-79: In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
Source: nvd
CVE-2015-7559 | LOW | CVSS 2.7 | fixed in 5.14.5; ≥ 5.15.0, < 5.15.5; +1 more | 2019-08-01
CWE-306: It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
Sources: cvelistv5, nvd
CVE-2019-0201 | MEDIUM | CVSS 5.9 | v5.15.9 | 2019-05-23
CWE-862: An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper's getACL() command doesn't check any permission when it retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as a plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is use
Source: nvd
CVE-2013-7285 | CRITICAL | CVSS 9.8 | PoC | v5.15.8 | 2019-05-15
CWE-78: Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON.
Source: nvd
CVE-2019-10241 | MEDIUM | CVSS 6.1 | v5.15.9 | 2019-04-22
CWE-79: In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a listing of directory contents.
Source: nvd
CVE-2019-0222 | HIGH | CVSS 7.5 | ≥ 5.0.0, ≤ 5.15.8 | 2019-03-28
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive.
Source: nvd
CVE-2018-8006 | MEDIUM | CVSS 6.1 | PoC | ≥ 5.0.0, ≤ 5.15.5 | 2018-10-10
CWE-79: An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.
Source: nvd
CVE-2018-11775 | HIGH | CVSS 7.4 | fixed in 5.15.6 | 2018-09-10
CWE-295: TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing, which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
Source: nvd
CVE-2017-15709 | LOW | CVSS 3.7 | ≥ 5.14.0, ≤ 5.15.2 | 2018-02-13
CWE-200: When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
Source: nvd
CVE-2016-6810 | MEDIUM | CVSS 6.1 | ≥ 5.0.0, < 5.14.2 | 2018-01-10
CWE-79: In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.
Source: nvd
CVE-2014-3600 | CRITICAL | CVSS 9.8 | v5.0.0, v5.1.0, +16 more | 2017-10-27
CWE-611: XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Source: nvd
CVE-2016-0782 | MEDIUM | CVSS 5.4 | v5.1.0, v5.2.0, +26 more | 2016-08-05
CWE-79: The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.
Source: nvd
CVE-2016-3088 | CRITICAL | CVSS 9.8 | KEV | PoC | ≥ 5.0.0, < 5.14.0 | 2016-06-01
CWE-434: The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Source: nvd
CVE-2016-0734 | MEDIUM | CVSS 6.1 | v5.0.0, v5.1.0, +25 more | 2016-04-07
CWE-254: The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
Source: nvd
CVE-2015-5254 | CRITICAL | CVSS 9.8 | v5.0.0, v5.1.0, +22 more | 2016-01-08
CWE-20: Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Source: nvd
CVE-2014-3612 | HIGH | CVSS 7.5 | v5.0.0, v5.1.0, +16 more | 2015-08-24
CWE-287: The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability
Source: nvd
CVE-2015-6524 | MEDIUM | CVSS 5.0 | v5.0.0, v5.1.0, +16 more | 2015-08-24
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
Source: nvd
CVE-2015-1830 | MEDIUM | CVSS 5.0 | PoC | v5.0.0, v5.1.0, +20 more | 2015-08-19
CWE-22: Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
Source: nvd
CVE-2014-3576 | HIGH | CVSS 7.5 | ≤ 5.10.0 | 2015-08-14
CWE-264: The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
Source: nvd