CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-11998
https://notcve.org/view.php?id=CVE-2020-11998
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13 Se ha introducido una regresión en el commit que evita que JMX vuelva a vincularse. Al pasar un mapa de entorno vacío hacia RMIConnectorServer, en lugar del mapa que contiene las credenciales de autenticación, deja ActiveMQ abierto al siguiente ataque: https://docs.oracle.com/javase/8/docs/technotes/guides/management/ agent.html. " Un cliente remoto podría crear un MBean javax.management.loading.MLet y usarlo para crear nuevos MBeans a partir de URL arbitrarias, al menos si no existe un administrador de seguridad. • http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security- •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2020-13920 – activemq: improper authentication allows MITM attack
https://notcve.org/view.php?id=CVE-2020-13920
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12. Apache ActiveMQ usa la función LocateRegistry.createRegistry() para crear el registro RMI de JMX y vincular el servidor a la entrada "jmxrmi". • http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html https://www.oracle.com/security-alerts/cpuoct2020.html https:/& • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1941
https://notcve.org/view.php?id=CVE-2020-1941
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. En Apache ActiveMQ versiones 5.0.0 hasta 5.15.11, la Interfaz de Usuario Gráfica de administración webconsole está abierta a un ataque de tipo XSS, en la vista que enumera el contenido de una cola. • http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-aler • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7559 – ActiveMQ: DoS in client via shutdown command
https://notcve.org/view.php?id=CVE-2015-7559
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. Se encontró que el cliente ActiveMQ de Apache anterior a versión 5.15.5, expuso un comando de apagado remoto en clase ActiveMQConnection. Un atacante que inicio sesión en un broker comprometido podría utilizar este fallo para lograr una denegación de servicio en un cliente conectado. It was found that the Apache ActiveMQ client exposed a remote shutdown command in the ActiveMQConnection class. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559 https://issues.apache.org/jira/browse/AMQ-6470 https://access.redhat.com/security/cve/CVE-2015-7559 https://bugzilla.redhat.com/show_bug.cgi?id=1293972 • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2019-0201 – zookeeper: Information disclosure in Apache ZooKeeper
https://notcve.org/view.php?id=CVE-2019-0201
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users. Hay un problema presente en Apache ZooKeeper 1.0.0 a 3.4.13 y 3.5.0-alpha a 3.5.4-beta. • http://www.securityfocus.com/bid/108427 https://access.redhat.com/errata/RHSA-2019:3140 https://access.redhat.com/errata/RHSA-2019:3892 https://access.redhat.com/errata/RHSA-2019:4352 https://issues.apache.org/jira/browse/ZOOKEEPER-1392 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html&#x • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-862: Missing Authorization •