CVSS: 5.0EPSS: 0%CPEs: 32EXPL: 1CVE-2011-4905
https://notcve.org/view.php?id=CVE-2011-4905
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests. Apache ActiveMQ antes de v5.6.0 permite a atacantes remotos provocar una denegación de servicio (agotamiento de descriptores de archivo y caída o bloqueo del broker) mediante el envío de muchas peticiones de conexión openwire failover:tcp:// • http://openwall.com/lists/oss-security/2011/12/25/2 http://openwall.com/lists/oss-security/2011/12/25/6 http://secunia.com/advisories/47112 http://svn.apache.org/viewvc?view=revision&revision=1209700 http://svn.apache.org/viewvc?view=revision&revision=1211844 http://www.securityfocus.com/bid/50904 https://issues.apache.org/jira/browse/AMQ-3294 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 57%CPEs: 6EXPL: 2CVE-2010-1587 – Apache ActiveMQ 5.2/5.3 - Source Code Information Disclosure
https://notcve.org/view.php?id=CVE-2010-1587
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp. Jetty ResourceHandler en Apache ActiveMQ v5.x anteriores v5.3.2 v5.4.x anterior 5.4.0 premite a atacantes remotos leer código fuente JSP a través de los caracteres // (barra barra) iniciando la subcadena en la URI para (1) admin/index.jsp, (2) admin/queues.jsp, o (3) admin/topics.jsp. • https://www.exploit-db.com/exploits/33868 http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0278.html http://secunia.com/advisories/39567 http://www.osvdb.org/64020 http://www.securityfocus.com/archive/1/510896/100/0/threaded http://www.securityfocus.com/bid/39636 http://www.vupen.com/english/advisories/2010/0979 https://issues.apache.org/activemq/browse/AMQ-2700 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 2CVE-2010-1244
https://notcve.org/view.php?id=CVE-2010-1244
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en createDestination.action en Apache ActiveMQ anteriores a v5.3.1, permite a atacantes remotos secuestrar la autenticación de víctimas sin identificar que para peticiones que crea colas a través del parámetro JMSDestination en una acción queue. • http://activemq.apache.org/activemq-531-release.html http://secunia.com/advisories/39223 https://exchange.xforce.ibmcloud.com/vulnerabilities/57398 https://issues.apache.org/activemq/browse/AMQ-2613 https://issues.apache.org/activemq/browse/AMQ-2625 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.5EPSS: 0%CPEs: 23EXPL: 4CVE-2010-0684
https://notcve.org/view.php?id=CVE-2010-0684
Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en createDestination.action en Apache ActiveMQ anteriores a v5.3.1, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del parámetro JMSDestination en una acción queue. • http://activemq.apache.org/activemq-531-release.html http://secunia.com/advisories/39223 http://securitytracker.com/id?1023778 http://www.rajatswarup.com/CVE-2010-0684.txt http://www.securityfocus.com/archive/1/510419/100/0/threaded http://www.securityfocus.com/bid/39119 https://exchange.xforce.ibmcloud.com/vulnerabilities/57397 https://issues.apache.org/activemq/browse/AMQ-2613 https://issues.apache.org/activemq/browse/AMQ-2625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •