CVE-2013-3060
activemq: Unauthenticated access to web console
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
La consola web de Apache ActiveMQ anterior a v5.8.0 no requiere autenticación, lo que permite a atacantes remotos obtener información sensible o causar una denegación de servicio a través de peticiones HTTP.
Fuse Message Broker is a messaging platform based on Apache ActiveMQ that provides SOA infrastructure to connect processes across heterogeneous systems. It was found that, by default, the Apache ActiveMQ web console did not require authentication. A remote attacker could use this flaw to modify the state of the Apache ActiveMQ environment, obtain sensitive information, or cause a denial of service. This update delivers a README file which describes how to manually configure an XML properties file to fix this flaw. Back up existing Fuse Message Broker configuration files before making changes.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-04-15 CVE Reserved
- 2013-04-21 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tc4658044.html | Mailing List | |
| http://activemq.apache.org/activemq-580-release.html | X_refsource_confirm | |
| http://www.securityfocus.com/bid/59402 | Vdb Entry | |
| https://fisheye6.atlassian.com/changelog/activemq?cs=1404998 | X_refsource_confirm | |
| https://issues.apache.org/jira/browse/AMQ-4124 | X_refsource_confirm | |
| https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-1029.html | 2016-11-28 | |
| http://rhn.redhat.com/errata/RHSA-2013-1221.html | 2016-11-28 | |
| https://access.redhat.com/security/cve/CVE-2013-3060 | 2013-09-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=955908 | 2013-09-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | <= 5.7.0 Search vendor "Apache" for product "Activemq" and version " <= 5.7.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.0 Search vendor "Apache" for product "Activemq" and version "4.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.0 Search vendor "Apache" for product "Activemq" and version "4.0" | m4 |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.0 Search vendor "Apache" for product "Activemq" and version "4.0" | rc2 |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.0.1 Search vendor "Apache" for product "Activemq" and version "4.0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.0.2 Search vendor "Apache" for product "Activemq" and version "4.0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.1.0 Search vendor "Apache" for product "Activemq" and version "4.1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 4.1.1 Search vendor "Apache" for product "Activemq" and version "4.1.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.0.0 Search vendor "Apache" for product "Activemq" and version "5.0.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.1.0 Search vendor "Apache" for product "Activemq" and version "5.1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.2.0 Search vendor "Apache" for product "Activemq" and version "5.2.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.3.0 Search vendor "Apache" for product "Activemq" and version "5.3.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.3.1 Search vendor "Apache" for product "Activemq" and version "5.3.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.3.2 Search vendor "Apache" for product "Activemq" and version "5.3.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.4.0 Search vendor "Apache" for product "Activemq" and version "5.4.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.4.1 Search vendor "Apache" for product "Activemq" and version "5.4.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.4.2 Search vendor "Apache" for product "Activemq" and version "5.4.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.5.0 Search vendor "Apache" for product "Activemq" and version "5.5.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.5.1 Search vendor "Apache" for product "Activemq" and version "5.5.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Activemq Search vendor "Apache" for product "Activemq" | 5.6.0 Search vendor "Apache" for product "Activemq" and version "5.6.0" | - |
Affected
| ||||||