CVE-2019-0222

HIGH

Apache ActiveMQ <5.15.8 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-0222. PoCs published by shoucheng3.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2019-0222, a deserialization vulnerability in Apache ActiveMQ. The exploit targets the AMQP protocol implementation, specifically the frame parsing logic, to achieve remote code execution.

Description

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

Exploits (1)

nomisec WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/apache__activemq_CVE-2019-0222_5-15-8

This repository contains a proof-of-concept exploit for CVE-2019-0222, a deserialization vulnerability in Apache ActiveMQ. The exploit targets the AMQP protocol implementation, specifically the frame parsing logic, to achieve remote code execution.

Classification
Working Poc 90%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: Apache ActiveMQ versions 5.15.8 and earlier
No auth needed
Prerequisites: Network access to the target ActiveMQ instance · AMQP protocol enabled on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (19)

Core 19
Core References
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2020.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/03/27/2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107622
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2020.html
Mitigation, Third Party Advisory x_refsource_confirm
http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190502-0006/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

Scores

CVSS v3 7.5
EPSS 0.0892
EPSS Percentile 92.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (14)
apache/activemq 5.0.0 - 5.15.8
debian/debian_linux 9.0
netapp/e-series_santricity_web_services
oracle/communications_diameter_signaling_router 8.0.0
oracle/communications_diameter_signaling_router 8.1
oracle/communications_diameter_signaling_router 8.2
oracle/communications_diameter_signaling_router 8.2.1
oracle/enterprise_manager_base_platform 12.1.0.5.0
oracle/enterprise_manager_base_platform 13.2.0.0.0
oracle/enterprise_manager_base_platform 13.3.0.0.0
... and 4 more
Published Mar 28, 2019
Tracked Since Feb 18, 2026