Lucene search

GitHub Advisory DatabaseGHSA-9WCX-326R-7J7W

HistoryMay 17, 2022 - 5:35 a.m.

Denial of Service in Apache ActiveMQ

2022-05-1705:35:59

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

82.2%

JSON

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

Affected configurations

Vulners

Node

org.apache.activemq\activemqMatchcore

CPENameOperatorVersion
org.apache.activemq:activemq-corelt5.6.0

CPE	Name	Operator	Version
	org.apache.activemq:activemq-core	lt	5.6.0

References

openwall.com/lists/oss-security/2011/12/25/2

openwall.com/lists/oss-security/2011/12/25/6

svn.apache.org/viewvc?view=revision&revision=1209700

svn.apache.org/viewvc?view=revision&revision=1211844

github.com/advisories/GHSA-9wcx-326r-7j7w

github.com/apache/activemq/commit/3a71f8e33d0309cb0ca5b5758a8f251da205e757

github.com/apache/activemq/commit/9df9d3e89140b7329654ad5675259ec6f0c4b3a7

github.com/apache/activemq/commit/da7f9962c640666a743675085922bf75a656f81b

issues.apache.org/jira/browse/AMQ-1928

issues.apache.org/jira/browse/AMQ-3294

nvd.nist.gov/vuln/detail/CVE-2011-4905

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

82.2%

JSON

Related for GHSA-9WCX-326R-7J7W