GHSA-34fp-xvxp-rg22

Suggest an improvement
Source
https://github.com/advisories/GHSA-34fp-xvxp-rg22
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-34fp-xvxp-rg22/GHSA-34fp-xvxp-rg22.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-34fp-xvxp-rg22
Aliases
  • CVE-2012-6551
Published
2022-05-17T03:46:32Z
Modified
2024-03-14T23:01:40.796384Z
Summary
Apache ActiveMQ default configuration subject to denial of service
Details

The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.

References

Affected packages

Maven / org.apache.activemq:apache-activemq

Package

Name
org.apache.activemq:apache-activemq
View open source insights on deps.dev
Purl
pkg:maven/org.apache.activemq/apache-activemq

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.0

Affected versions

4.*

4.1.1
4.1.2

5.*

5.0.0
5.1.0
5.2.0
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.4.2
5.4.3
5.5.0
5.5.1
5.6.0
5.7.0

Maven / org.apache.activemq:activemq-web-demo

Package

Name
org.apache.activemq:activemq-web-demo
View open source insights on deps.dev
Purl
pkg:maven/org.apache.activemq/activemq-web-demo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.0

Affected versions

4.*

4.1.1
4.1.2

5.*

5.0.0
5.1.0
5.2.0
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.4.2
5.4.3
5.5.0
5.5.1
5.6.0
5.7.0