Apache ActiveMQ 5.x prior to 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote malicious users to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat openshift 2.0 |
||
apache activemq 5.3.0 |
||
apache activemq 5.11.1 |
||
apache activemq 5.8.0 |
||
apache activemq 5.4.3 |
||
apache activemq 5.4.0 |
||
apache activemq 5.5.1 |
||
apache activemq 5.12.0 |
||
apache activemq 5.4.1 |
||
apache activemq 5.9.0 |
||
apache activemq 5.11.2 |
||
apache activemq 5.11.0 |
||
apache activemq 5.3.1 |
||
apache activemq 5.2.0 |
||
apache activemq 5.7.0 |
||
apache activemq 5.0.0 |
||
apache activemq 5.12.1 |
||
apache activemq 5.10.1 |
||
apache activemq 5.10.0 |
||
apache activemq 5.1.0 |
||
apache activemq 5.5.0 |
||
apache activemq 5.3.2 |
||
apache activemq 5.10.2 |
||
apache activemq 5.9.1 |
||
apache activemq 5.6.0 |
||
fedoraproject fedora 22 |
||
fedoraproject fedora 23 |