Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
openwall.com/lists/oss-security/2011/12/25/2
openwall.com/lists/oss-security/2011/12/25/6
svn.apache.org/viewvc?view=revision&revision=1209700
svn.apache.org/viewvc?view=revision&revision=1211844
github.com/apache/activemq
github.com/apache/activemq/commit/3a71f8e33d0309cb0ca5b5758a8f251da205e757
github.com/apache/activemq/commit/9df9d3e89140b7329654ad5675259ec6f0c4b3a7
github.com/apache/activemq/commit/da7f9962c640666a743675085922bf75a656f81b
issues.apache.org/jira/browse/AMQ-1928
issues.apache.org/jira/browse/AMQ-3294
nvd.nist.gov/vuln/detail/CVE-2011-4905