Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache activemq 5.3.1 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2010-1587
The Jetty ResourceHandler in Apache ActiveMQ 5.x prior to 5.3.2 and 5.4.x prior to 5.4.0 allows remote malicious users to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
Apache Activemq 5.3.0Apache Activemq 5.3.1Apache Activemq 5.0.0Apache Activemq 5.4-snapshotApache Activemq 5.1.0Apache Activemq 5.2.0
NA
CVE-2013-1880
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ prior to 5.9.0 allows remote malicious users to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerabi...
Apache Activemq 5.6.0Apache Activemq 5.5.1Apache Activemq 5.3.0Apache Activemq 5.2.0Apache ActivemqApache Activemq 5.7.0Apache Activemq 5.3.2Apache Activemq 5.3.1Apache Activemq 5.5.0Apache Activemq 5.4.2Apache Activemq 5.1.0Apache Activemq 5.0.0Apache Activemq 5.4.1Apache Activemq 5.4.0
NA
CVE-2013-1879
Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and previous versions allows remote malicious users to inject arbitrary web script or HTML via vectors involving the "cron of a message."
Apache Activemq 5.5.0Apache Activemq 5.5.1Apache Activemq 5.0.0Apache Activemq 5.3.0Apache Activemq 5.4.2Apache Activemq 5.2.0Apache Activemq 5.3.1Apache Activemq 5.6.0Apache Activemq 5.3.2Apache Activemq 5.1.0Apache Activemq 5.7.0Apache ActivemqApache Activemq 5.4.1Apache Activemq 5.4.0
NA
CVE-2013-3060
The web console in Apache ActiveMQ prior to 5.8.0 does not require authentication, which allows remote malicious users to obtain sensitive information or cause a denial of service via HTTP requests.
Apache Activemq 5.4.0Apache Activemq 5.3.2Apache Activemq 4.0.2Apache Activemq 4.0.1Apache Activemq 5.4.2Apache Activemq 5.4.1Apache Activemq 4.1.1Apache Activemq 4.1.0Apache ActivemqApache Activemq 5.6.0Apache Activemq 5.3.1Apache Activemq 5.3.0Apache Activemq 4.0Apache Activemq 5.5.1Apache Activemq 5.5.0Apache Activemq 5.2.0Apache Activemq 5.1.0Apache Activemq 5.0.0
NA
CVE-2012-6092
Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ prior to 5.8.0 allow remote malicious users to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publi...
Apache Activemq 5.3.0Apache Activemq 4.1.0Apache Activemq 5.4.0Apache Activemq 5.5.1Apache Activemq 5.4.1Apache Activemq 5.3.1Apache Activemq 5.2.0Apache Activemq 5.0.0Apache Activemq 4.0Apache Activemq 4.0.2Apache ActivemqApache Activemq 4.0.1Apache Activemq 5.1.0Apache Activemq 5.5.0Apache Activemq 5.3.2Apache Activemq 4.1.1Apache Activemq 5.6.0Apache Activemq 5.4.2
NA
CVE-2012-6551
The default configuration of Apache ActiveMQ prior to 5.8.0 enables a sample web application, which allows remote malicious users to cause a denial of service (broker resource consumption) via HTTP requests.
Apache Activemq 5.4.0Apache Activemq 5.3.2Apache Activemq 4.0.2Apache Activemq 4.0.1Apache Activemq 5.4.2Apache Activemq 5.4.1Apache Activemq 4.1.1Apache Activemq 4.1.0Apache ActivemqApache Activemq 5.6.0Apache Activemq 5.3.1Apache Activemq 5.3.0Apache Activemq 4.0Apache Activemq 5.5.1Apache Activemq 5.5.0Apache Activemq 5.2.0Apache Activemq 5.1.0Apache Activemq 5.0.0
NA
CVE-2014-8110
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x prior to 5.10.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Apache Activemq 5.3.0Apache Activemq 5.8.0Apache Activemq 5.4.3Apache Activemq 5.4.0Apache Activemq 5.5.1Apache Activemq 5.4.1Apache Activemq 5.9.0Apache Activemq 5.3.1Apache Activemq 5.2.0Apache Activemq 5.7.0Apache Activemq 5.0.0Apache Activemq 5.10.0Apache Activemq 5.1.0Apache Activemq 5.5.0Apache Activemq 5.3.2Apache Activemq 5.9.1Apache Activemq 5.6.0Apache Activemq 5.4.2
NA
CVE-2015-1830
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x prior to 5.11.2 for Windows allows remote malicious users to create JSP files in arbitrary directories via unspecified vectors.
Apache Activemq 5.0.0Apache Activemq 5.1.0Apache Activemq 5.2.0Apache Activemq 5.3.0Apache Activemq 5.3.1Apache Activemq 5.3.2Apache Activemq 5.4.0Apache Activemq 5.4.1Apache Activemq 5.4.2Apache Activemq 5.4.3Apache Activemq 5.5.0Apache Activemq 5.5.1Apache Activemq 5.6.0Apache Activemq 5.7.0Apache Activemq 5.8.0Apache Activemq 5.9.0Apache Activemq 5.9.1Apache Activemq 5.10.0Apache Activemq 5.10.1Apache Activemq 5.10.2Apache Activemq 5.11.0Apache Activemq 5.11.1
NA
CVE-2015-6524
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x prior to 5.10.1 allows wildcard operators in usernames, which allows remote malicious users to obtain credentials via a brute force attack. NOTE: this identifier ...
Fedoraproject Fedora 22Fedoraproject Fedora 23Apache Activemq 5.0.0Apache Activemq 5.4.0Apache Activemq 5.4.2Apache Activemq 5.7.0Apache Activemq 5.9.0Apache Activemq 5.4.3Apache Activemq 5.5.0Apache Activemq 5.5.1Apache Activemq 5.6.0Apache Activemq 5.10.0Apache Activemq 5.2.0Apache Activemq 5.3.0Apache Activemq 5.3.1Apache Activemq 5.1.0Apache Activemq 5.3.2Apache Activemq 5.4.1Apache Activemq 5.8.0Apache Activemq 5.9.1
NA
CVE-2011-4905
Apache ActiveMQ prior to 5.6.0 allows remote malicious users to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
Apache Activemq 5.3.1Apache Activemq 5.3.0Apache Activemq 5.2.0Apache Activemq 5.1.0Apache Activemq 3.0Apache Activemq 2.1Apache Activemq 2.0Apache Activemq 1.5Apache ActivemqApache Activemq 5.5.0Apache Activemq 5.4.3Apache Activemq 4.0.2Apache Activemq 4.0.1Apache Activemq 4.0Apache Activemq 5.4.2Apache Activemq 5.4.0Apache Activemq 4.1.2Apache Activemq 4.1.0Apache Activemq 3.2.1Apache Activemq 3.1Apache Activemq 1.4Apache Activemq 1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook