CVE-2012-6551

Apache ActiveMQ < 5.8.0 - Denial of Service via Default Web Demo Application

Title source: llm
STIX 2.1

Description

The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.

References (7)

Core 7
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1029.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/59401
Various Sources x_refsource_confirm
http://activemq.apache.org/activemq-580-release.html
Various Sources x_refsource_confirm
https://issues.apache.org/jira/browse/AMQ-4124

Scores

EPSS 0.0767
EPSS Percentile 93.9%

Details

CWE
CWE-399
Status published
Products (20)
apache/activemq 4.0 (3 CPE variants)
apache/activemq 4.0.1
apache/activemq 4.0.2
apache/activemq 4.1.0
apache/activemq 4.1.1
apache/activemq 5.0.0
apache/activemq 5.1.0
apache/activemq 5.2.0
apache/activemq 5.3.0
apache/activemq 5.3.1
... and 10 more
Published Apr 21, 2013
Tracked Since Feb 18, 2026