CVE-2012-6551
activemq: DoS by resource consumption via HTTP requests to sample webapp
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
La configuración por defecto de Apache ActiveMQ anterior a v5.8.0 permite una aplicación Web de ejemplo, la cual permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) a través de peticiones HTTP.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-04-21 CVE Reserved
- 2013-04-21 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tc4658044.html | Mailing List | |
| http://activemq.apache.org/activemq-580-release.html | X_refsource_confirm | |
| http://www.securityfocus.com/bid/59401 | Vdb Entry | |
| https://fisheye6.atlassian.com/changelog/activemq?cs=1404998 | X_refsource_confirm | |
| https://issues.apache.org/jira/browse/AMQ-4124 | X_refsource_confirm | |
| https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1029.html | 2016-11-28 | |
| https://access.redhat.com/security/cve/CVE-2012-6551 | 2013-07-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=955907 | 2013-07-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | <= 5.7.0 Search vendor "Apache" for product "Activemq" and version " <= 5.7.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.0 Search vendor "Apache" for product "Activemq" and version "4.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.0 Search vendor "Apache" for product "Activemq" and version "4.0" | m4 |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.0 Search vendor "Apache" for product "Activemq" and version "4.0" | rc2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.0.1 Search vendor "Apache" for product "Activemq" and version "4.0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.0.2 Search vendor "Apache" for product "Activemq" and version "4.0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.1.0 Search vendor "Apache" for product "Activemq" and version "4.1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.1.1 Search vendor "Apache" for product "Activemq" and version "4.1.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.0.0 Search vendor "Apache" for product "Activemq" and version "5.0.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.1.0 Search vendor "Apache" for product "Activemq" and version "5.1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.2.0 Search vendor "Apache" for product "Activemq" and version "5.2.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.3.0 Search vendor "Apache" for product "Activemq" and version "5.3.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.3.1 Search vendor "Apache" for product "Activemq" and version "5.3.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.3.2 Search vendor "Apache" for product "Activemq" and version "5.3.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.4.0 Search vendor "Apache" for product "Activemq" and version "5.4.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.4.1 Search vendor "Apache" for product "Activemq" and version "5.4.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.4.2 Search vendor "Apache" for product "Activemq" and version "5.4.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.5.0 Search vendor "Apache" for product "Activemq" and version "5.5.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.5.1 Search vendor "Apache" for product "Activemq" and version "5.5.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.6.0 Search vendor "Apache" for product "Activemq" and version "5.6.0" | - |
Affected
| ||||||