ID CVE-2012-6551
Summary The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 28-11-2016 - 19:08)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
rhsa
id RHSA-2013:1029
refmap via4
bid 59401
confirm
mlist [dev] 20121022 [DISCUSS] - ActiveMQ out of the box - Should not include the demos
Last major update 28-11-2016 - 19:08
Published 21-04-2013 - 21:55
Last modified 28-11-2016 - 19:08
Back to Top