CVE-2013-3060
Published: 21 April 2013
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
Notes
Author | Note |
---|---|
mdeslaur | web console not shipped in Debian/Ubuntu |
Priority
Status
Package | Release | Status |
---|---|---|
activemq Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Not vulnerable
(code not present)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was not-affected [code not present])
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Not vulnerable
(code not present)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3060
- https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282
- https://issues.apache.org/jira/browse/AMQ-4124
- https://fisheye6.atlassian.com/changelog/activemq?cs=1404998
- http://activemq.apache.org/activemq-580-release.html
- http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tc4658044.html
- NVD
- Launchpad
- Debian