Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05d2N4LTMyNnItN2o3d84AAf15
Denial of Service in Apache ActiveMQ
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
Permalink: https://github.com/advisories/GHSA-9wcx-326r-7j7wJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05d2N4LTMyNnItN2o3d84AAf15
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
Identifiers: GHSA-9wcx-326r-7j7w, CVE-2011-4905
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4905
- https://issues.apache.org/jira/browse/AMQ-3294
- http://openwall.com/lists/oss-security/2011/12/25/2
- http://openwall.com/lists/oss-security/2011/12/25/6
- http://svn.apache.org/viewvc?view=revision&revision=1209700
- http://svn.apache.org/viewvc?view=revision&revision=1211844
- https://github.com/apache/activemq/commit/3a71f8e33d0309cb0ca5b5758a8f251da205e757
- https://github.com/apache/activemq/commit/9df9d3e89140b7329654ad5675259ec6f0c4b3a7
- https://github.com/apache/activemq/commit/da7f9962c640666a743675085922bf75a656f81b
- https://issues.apache.org/jira/browse/AMQ-1928
- https://github.com/advisories/GHSA-9wcx-326r-7j7w
Blast Radius: 0.0
Affected Packages
maven:org.apache.activemq:activemq-core
Dependent packages: 439Dependent repositories: 7,483
Downloads:
Affected Version Ranges: < 5.6.0
Fixed in: 5.6.0
All affected versions: 4.1.1, 4.1.2, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.5.0, 5.5.1
All unaffected versions: 5.6.0, 5.7.0