RSS   Podatności dla 'Activemq artemis'   RSS

2022-02-04
 
CVE-2022-23913

CWE-400
 

 
In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.

 
2021-01-27
 
CVE-2021-26118

CWE-287
 

 
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

 
 
CVE-2021-26117

CWE-287
 

 
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

 
2020-07-20
 
CVE-2020-13932

CWE-79
 

 
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.

 
2018-03-07
 
CVE-2017-12174

CWE-400
 

 
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError.

 
2017-07-25
 
CVE-2015-3208

CWE-611
 

 
XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown vectors.

 
2016-09-27
 
CVE-2016-4978

CWE-502
 

 
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.

 

 >>> Vendor: Apache 247 Produkty
Http server
Tomcat
Jserv
Mod python
Traffic server
Openoffice
Cocoon
Spamassassin
Subversion
Jspwiki
Xerces-c++
James
Mod auth radius
Coyote http connector
Mod imap
Struts
Derby
Libapreq2
Jetspeed
Geronimo
FLEX
Log4net
Open for business project
Opentaps
Apache http server
Tomcat jk web server connector
Apache test
Mod perl
AXIS
Myfaces tomahawk
Storm
Jakarta slide
Openoffice.org
Mod jk
Apache webserver
Roller
Apr-util
Jackrabbit
Tiles
Portable runtime
APR
SOLR
QPID
Couchdb
Axis2
Activemq
Myfaces
CXF
Archiva
Shiro
Mod fcgid
Libcloud
Continuum
Httpclient
Rampart/c
Wicket
Apache commons daemon
Http server2.0a1
Http server2.0a2
Http server2.0a3
Http server2.0a4
Http server2.0a5
Http server2.0a6
Http server2.0a7
Http server2.0a8
Http server2.0a9
Hadoop
Commons-compress
Org.apache.sling.servlets.post
POI
Guacamole
Cloudstack
Commons-httpclient
Commons fileupload
RAVE
Maven
Openjpa
Struts2-showcase
Xml security for c++
Xml security for java
Camel
Shindig
Sling auth core component
Sling
Mod dontdothat
Mod dav svn
Cordova
Xalan-java
Zookeeper
Syncope
Harmony
Hbase
Httpasyncclient
Ofbiz
Apache axis2/c
Wss4j
Mod auth mellon
HIVE
Xml security
Santuario xml security for java
Zobacz wszystkie produkty dla producenta Apache


Copyright 2024, cxsecurity.com

 

Back to Top