CVSS: 5.4EPSS: 0%CPEs: 28EXPL: 0CVE-2016-0782 – activemq: Cross-site scripting vulnerabilities in web console
https://notcve.org/view.php?id=CVE-2016-0782
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. La consola de administración web en Apache ActiveMQ 5.x en versiones anteriores a 5.11.4, 5.12.x en versiones anteriores a 5.12.3 y 5.13.x en versiones anteriores a 5.13.2 permite a usuarios remotos autenticados llevar a cabo ataques XSS y consecuentemente obtener información sensible de un volcado de memoria Java a través de vectores relacionados con la creación de una cola. It was found that Apache Active MQ administration web console did not validate input correctly when creating a queue. An authenticated attacker could exploit this flaw via cross-site scripting and use it to access sensitive information or further attacks. • http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt http://packetstormsecurity.com/files/136215/Apache-ActiveMQ-5.13.0-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/537760/100/0/threaded http://www.securitytracker.com/id/1035328 https://access.redhat.com/errata/RHSA-2016:1424 https://bugzilla.redhat.com/show_bug.cgi?id=1317516 https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E https:/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 27EXPL: 1CVE-2015-5254 – ObjectMessage: unsafe deserialization
https://notcve.org/view.php?id=CVE-2015-5254
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. Apache ActiveMQ 5.x en versiones anteriores a 5.13.0 no restringe las clases que pueden ser serializadas en el broker, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto ObjectMessage Java Message Service (JMS) serializado manipulado. It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage. • https://github.com/jas502n/CVE-2015-5254 http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html http://rhn.redhat.com/errata/RHSA-2016-0489.html http://rhn.redhat.com/errata/RHSA-2016-2035.html http://rhn.redhat.com/errata/RHSA-2016-2036.html http://www.debian.org/security/2016/dsa-3524 http:&# • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0CVE-2015-6524
https://notcve.org/view.php?id=CVE-2015-6524
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types. La implementación de LDAPLoginModule en el Java Authentication y Authorization Service (JAAS) en Apache ActiveMQ 5.x en versiones anteriores a 5.10.1 permite operadores comodín en nombres de usuario, lo que permite a atacantes remotos obtener credenciales a través de un ataque de fuerza bruta. NOTA: este identificador fue SEPARADO de CVE-2014-3612 por ADT2 debido a diferentes tipos de vulnerabilidad. • http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 6%CPEs: 23EXPL: 2CVE-2015-1830 – Apache ActiveMQ RestFilter Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1830
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors. Vulnerabilidad de salto de directorio en la funcionalidad del servidor de ficheros upload/download para mensajes blob en Apache ActiveMQ 5.x en versiones anteriores a 5.11.2 para Windows, permite a atacantes remotos crear archivos JSP en directorios arbitrarios a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache ActiveMQ. Authentication is not required to exploit this vulnerability. The specific flaw exists within ActiveMQ fileserver web application. By issuing specially crafted requests, an attacker can create an arbitrary file on the server with attacker controlled data. • https://www.exploit-db.com/exploits/48181 https://www.exploit-db.com/exploits/40857 http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt http://packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html http://www.securityfocus.com/bid/76452 http://www.securitytracker.com/id/1033315 http://www.zerodayinitiative.com/advisories/ZDI-15-407 https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 51%CPEs: 6EXPL: 0CVE-2014-3576 – ActiveMQ: DoS via unauthenticated remote shutdown command
https://notcve.org/view.php?id=CVE-2014-3576
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. Vulnerabilidad en la función processControlCommand en broker/TransportConnection.java en Apache ActiveMQ en versiones anteriores a 5.11.0, permite a atacantes remotos causar una denegación de servicio (apagado) a través de un comando de apagado. It was found that the Apache ActiveMQ broker exposed a remote shutdown command without requiring any authentication to use it. A remote, unauthenticated attacker could use this flaw to shut down ActiveMQ broker's listener. • http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html http://www.debian.org/security/2015/dsa-3330 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/archive/1/536862/100/0/threaded http://www.securityfocus.com/bid/76272 http://www.securitytracker.com/id/10 • CWE-264: Permissions, Privileges, and Access Controls CWE-306: Missing Authentication for Critical Function •