Debian Activemq vulnerabilities

34 known vulnerabilities affecting debian/activemq.

Total CVEs: 34
CISA KEV: 3 (actively exploited)
Public exploits: 8
Exploited in wild: 2
Severity breakdown: CRITICAL 3, HIGH 4, MEDIUM 4, LOW 23

Vulnerabilities

Page 2 of 2
CVE-2015-5254 | CRITICAL | CVSS 9.8 | fixed in activemq 5.13.2+dfsg-1 (bookworm) | 2015
CVE-2015-5254 [CRITICAL]: Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Scope: local
bookworm: resolved (fixed in 5.13.2+dfsg-1); bullseye: resolved (fixed in 5.13.2+dfsg-1); sid: resolved (fixed in 5.13.2+d
debian

CVE-2015-7559 | LOW | CVSS 2.7 | fixed in activemq 5.14.3-3 (bookworm) | 2015
CVE-2015-7559 [LOW]: It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
Scope: local
bookworm: resolved (fixed in 5.14.3-3); bullseye: resolved (fixed in 5.14.3-3); sid: resolved (fixed in 5.14.3-3); tr
debian

CVE-2015-1830 | LOW | CVSS 5.0 | PoC | 2015
CVE-2015-1830 [MEDIUM]: Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
Scope: local
bookworm: resolved; bullseye: resolved; sid: resolved; trixie: resolved
debian

CVE-2015-6524 | LOW | CVSS 7.5 | fixed in activemq 5.6.0+dfsg1-4 (bookworm) | 2015
CVE-2015-6524 [HIGH]: The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
Scope: local
bookworm
debian

CVE-2014-3576 | HIGH | CVSS 7.5 | fixed in activemq 5.6.0+dfsg1-4+deb8u1 (bookworm) | 2014
CVE-2014-3576 [HIGH]: The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
Scope: local
bookworm: resolved (fixed in 5.6.0+dfsg1-4+deb8u1); bullseye: resolved (fixed in 5.6.0+dfsg1-4+deb8u1); sid: resolved (fixed in 5.6.0+dfsg1-4+deb8u1); trixie: resolved
debian

CVE-2014-3600 | LOW | CVSS 9.8 | fixed in activemq 5.6.0+dfsg1-4 (bookworm) | 2014
CVE-2014-3600 [CRITICAL]: XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Scope: local
bookworm: resolved (fixed in 5.6.0+dfsg1-4); bullseye: resolved (fixed in 5.6.0+dfsg1-4); sid: resolved (fixed in 5.6.0+dfsg1-4); trixie: resolved (fixe
debian

CVE-2014-8110 | LOW | CVSS 4.3 | 2014
CVE-2014-8110 [MEDIUM]: Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved; bullseye: resolved; sid: resolved; trixie: resolved
debian

CVE-2014-3612 | LOW | CVSS 7.5 | fixed in activemq 5.6.0+dfsg1-4 (bookworm) | 2014
CVE-2014-3612 [HIGH]: The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE
debian

CVE-2013-1880 | LOW | CVSS 4.3 | 2013
CVE-2013-1880 [MEDIUM]: Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.
Scope: local
bookworm: resolved; bullseye: resolved; sid: resolved; trixi
debian

CVE-2013-3060 | LOW | CVSS 6.4 | 2013
CVE-2013-3060 [MEDIUM]: The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
Scope: local
bookworm: resolved; bullseye: resolved; sid: resolved; trixie: resolved
debian

CVE-2013-1879 | LOW | CVSS 4.3 | 2013
CVE-2013-1879 [MEDIUM]: Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
Scope: local
bookworm: resolved; bullseye: resolved; sid: resolved; trixie: resolved
debian

CVE-2012-6551 | LOW | CVSS 5.0 | 2012
CVE-2012-6551 [MEDIUM]: The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
Scope: local
bookworm: resolved; bullseye: resolved; sid: resolved; trixie: resolved
debian

CVE-2012-6092 | LOW | CVSS 4.3 | 2012
CVE-2012-6092 [MEDIUM]: Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.j
debian

CVE-2011-4905 | MEDIUM | CVSS 5.0 | fixed in activemq 5.5.0+dfsg-5 (bookworm) | 2011
CVE-2011-4905 [MEDIUM]: Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
Scope: local
bookworm: resolved (fixed in 5.5.0+dfsg-5); bullseye: resolved (fixed in 5.5.0+dfsg-5); sid: resolved (fixed in 5.5.0+dfsg-5); trixie: resolved (fixed in 5.5.0
debian