Published: 05/01/2012 Updated: 05/01/2012

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Apache ActiveMQ prior to 5.6.0 allows remote malicious users to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache activemq 5.3.1
apache activemq 5.3.0
apache activemq 5.2.0
apache activemq 5.1.0
apache activemq 3.0
apache activemq 2.1
apache activemq 2.0
apache activemq 1.5
apache activemq
apache activemq 5.5.0
apache activemq 5.4.3
apache activemq 4.0.2
apache activemq 4.0.1
apache activemq 4.0
apache activemq 5.4.2
apache activemq 5.4.0
apache activemq 4.1.2
apache activemq 4.1.0
apache activemq 3.2.1
apache activemq 3.1
apache activemq 1.4
apache activemq 1.2
apache activemq 5.4.1
apache activemq 5.3.2
apache activemq 5.0.0
apache activemq 4.1.1
apache activemq 3.2.2
apache activemq 3.2
apache activemq 1.3
apache activemq 1.1

Debian Bug report logs - #655495 CVE-2011-4605: DoS Package: src:activemq; Maintainer for src:activemq is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 11 Jan 2012 17:39:01 UTC Severity: grave Tags: security Fixed in version active ...

CWE-399 http://svn.apache.org/viewvc?view=revision&revision=1209700 http://svn.apache.org/viewvc?view=revision&revision=1211844 http://www.securityfocus.com/bid/50904 http://openwall.com/lists/oss-security/2011/12/25/6 http://secunia.com/advisories/47112 http://openwall.com/lists/oss-security/2011/12/25/2 https://issues.apache.org/jira/browse/AMQ-3294 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655495 https://nvd.nist.gov

CVE-2011-4905

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect