Apache ActiveMQ 5.17.1

Common Vulnerabilities & Exposures (CVE)

Release Date: 2022-04-25

Supported lifecycle: Full Support

Namespace: javax

CVEs: 5

Get Support

CVE Affecting Apache ActiveMQ 5.17.1

CVE

Severity

Description

Category

CVE-2023-46604

2023-10-24

10.0

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

data operational

7.5

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

5.3

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

data operational

Denial-of-service vulnerability

Details

CVE-2022-22970

2022-01-10

5.3

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

6.5

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

data

CWE-770:

Details

Scanned for Vulnerabilities lately?

Contact us & see how we can help.

First name ^*
Last name ^*
Email ^*
Company ^*
How did you hear about Tomitribe? ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.

Apache ActiveMQ 5.17.1

Common Vulnerabilities & Exposures (CVE)

CVE Affecting Apache ActiveMQ 5.17.1

Scanned for Vulnerabilities lately?

Contact us & see how we can help.

First name ^*
Last name ^*
Email ^*
Company ^*
How did you hear about Tomitribe? ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.

Tomitribe

Services

Open Source

Apache ActiveMQ 5.17.1

Common Vulnerabilities & Exposures (CVE)

CVE Affecting Apache ActiveMQ 5.17.1

Scanned for Vulnerabilities lately?

Contact us & see how we can help.

First name * Last name * Email * Company * How did you hear about Tomitribe? * BlogsConference/Event TalkColleague ReferralSocial MediaSearch EngineOpen Source (please be specific)Other (please be specific) Tell us more * Send me a confirmation email * These fields are required.

Tomitribe

Services

Open Source

First name ^*
Last name ^*
Email ^*
Company ^*
How did you hear about Tomitribe? ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.