Search for packages
| purl | pkg:maven/org.apache.activemq/activemq-core@5.4.2 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-37ws-cqf7-4udm
Aliases: CVE-2020-13947 GHSA-66gw-ch5v-74v8 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-a3nb-p5p6-zbf7
Aliases: CVE-2020-13920 GHSA-xgrx-xpv2-6vp4 |
Missing Authentication for Critical Function Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12. |
Affected by 0 other vulnerabilities. |
|
VCID-a7j9-mzvg-cycr
Aliases: CVE-2013-1880 GHSA-c9gx-27hq-wcvj |
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092. |
Affected by 0 other vulnerabilities. |
|
VCID-anw6-f8f2-q3hx
Aliases: CVE-2012-6092 GHSA-rp9p-863f-9c4h |
Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551. |
Affected by 0 other vulnerabilities. |
|
VCID-cuhh-zgq5-n3gr
Aliases: CVE-2011-4905 GHSA-9wcx-326r-7j7w |
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests. |
Affected by 6 other vulnerabilities. |
|
VCID-f5x2-zvxa-yba5
Aliases: CVE-2023-46604 GHSA-crg9-44h2-xw35 |
False positive This advisory has been marked as a false positive. | There are no reported fixed by versions. |
|
VCID-k4jb-36cp-1fc4
Aliases: CVE-2022-41678 GHSA-53v4-42fg-g287 |
False positive This advisory has been marked as a false positive. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||