Download
| Alert*
oval:org.secpod.oval:def:602204
activemq is installed oval:org.secpod.oval:def:109563 activemq is installed oval:org.secpod.oval:def:109562 The most popular and powerful open source messaging and Integration Patterns server. oval:org.secpod.oval:def:23 Apache ActiveMQ is installed oval:org.secpod.oval:def:2001170 An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. oval:org.secpod.oval:def:1901393 An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. oval:org.secpod.oval:def:2001010 TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. oval:org.secpod.oval:def:2000874 When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details are exposed as plain text. oval:org.secpod.oval:def:602433 It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation oval:org.secpod.oval:def:109839 The most popular and powerful open source messaging and Integration Patterns server. oval:org.secpod.oval:def:109871 The most popular and powerful open source messaging and Integration Patterns server. oval:org.secpod.oval:def:602198 It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command. oval:org.secpod.oval:def:1900871 In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. oval:org.secpod.oval:def:1901769 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. |