CVE-2012-6551
Published: 21 April 2013
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
Notes
Author | Note |
---|---|
mdeslaur | example code not shipped in Ubuntu/Debian |
Priority
Status
Package | Release | Status |
---|---|---|
activemq Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Not vulnerable
(code not present)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Not vulnerable
(code not present)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6551
- https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282
- https://issues.apache.org/jira/browse/AMQ-4124
- https://fisheye6.atlassian.com/changelog/activemq?cs=1404998
- http://activemq.apache.org/activemq-580-release.html
- http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tc4658044.html
- NVD
- Launchpad
- Debian