Search
Search Results (66 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-8006 | 1 Apache | 1 Activemq | 2024-11-21 | 6.1 Medium |
| An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. | ||||
| CVE-2018-11775 | 3 Apache, Oracle, Redhat | 4 Activemq, Enterprise Repository, Flexcube Private Banking and 1 more | 2024-11-21 | N/A |
| TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. | ||||
| CVE-2017-15709 | 1 Apache | 1 Activemq | 2024-11-21 | N/A |
| When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. | ||||
| CVE-2017-12174 | 2 Apache, Redhat | 5 Activemq Artemis, Enterprise Linux, Hornetq and 2 more | 2024-11-21 | 7.5 High |
| It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. | ||||
| CVE-2016-6810 | 1 Apache | 1 Activemq | 2024-11-21 | N/A |
| In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. | ||||
| CVE-2015-7559 | 2 Apache, Redhat | 4 Activemq, Jboss A-mq, Jboss Amq and 1 more | 2024-11-21 | 2.7 Low |
| It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. | ||||