GHSA-34fp-xvxp-rg22

Source
https://github.com/advisories/GHSA-34fp-xvxp-rg22
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-34fp-xvxp-rg22/GHSA-34fp-xvxp-rg22.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-34fp-xvxp-rg22
Aliases
  • CVE-2012-6551
Published
2022-05-17T03:46:32Z
Modified
2024-12-03T06:07:49.613780Z
Summary
Apache ActiveMQ default configuration subject to denial of service
Details

The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.

Database specific
{
    "nvd_published_at": "2013-04-21T21:55:00Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T21:32:55Z"
}
Affected packages

Maven / org.apache.activemq:apache-activemq

Package

Name
org.apache.activemq:apache-activemq
Purl
pkg:maven/org.apache.activemq/apache-activemq

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.8.0

Affected versions

4.*

4.1.1
4.1.2

5.*

5.0.0
5.1.0
5.2.0
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.4.2
5.4.3
5.5.0
5.5.1
5.6.0
5.7.0

Maven / org.apache.activemq:activemq-web-demo

Package

Name
org.apache.activemq:activemq-web-demo
Purl
pkg:maven/org.apache.activemq/activemq-web-demo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.8.0

Affected versions

4.*

4.1.1
4.1.2

5.*

5.0.0
5.1.0
5.2.0
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.4.2
5.4.3
5.5.0
5.5.1
5.6.0
5.7.0