CVE-2011-4905

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://openwall.com/lists/oss-security/2011/12/25/2
http://openwall.com/lists/oss-security/2011/12/25/6
http://secunia.com/advisories/47112	Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=1209700
http://svn.apache.org/viewvc?view=revision&revision=1211844
http://www.securityfocus.com/bid/50904
https://issues.apache.org/jira/browse/AMQ-3294	Exploit
http://openwall.com/lists/oss-security/2011/12/25/2
http://openwall.com/lists/oss-security/2011/12/25/6
http://secunia.com/advisories/47112	Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=1209700
http://svn.apache.org/viewvc?view=revision&revision=1211844
http://www.securityfocus.com/bid/50904
https://issues.apache.org/jira/browse/AMQ-3294	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:activemq::::::::
	cpe:2.3:a:apache:activemq:1.1:::::::*
	cpe:2.3:a:apache:activemq:1.2:::::::*
	cpe:2.3:a:apache:activemq:1.3:::::::*
	cpe:2.3:a:apache:activemq:1.4:::::::*
	cpe:2.3:a:apache:activemq:1.5:::::::*
	cpe:2.3:a:apache:activemq:2.0:::::::*
	cpe:2.3:a:apache:activemq:2.1:::::::*
	cpe:2.3:a:apache:activemq:3.0:::::::*
	cpe:2.3:a:apache:activemq:3.1:::::::*
	cpe:2.3:a:apache:activemq:3.2:::::::*
	cpe:2.3:a:apache:activemq:3.2.1:::::::*
	cpe:2.3:a:apache:activemq:3.2.2:::::::*
	cpe:2.3:a:apache:activemq:4.0:::::::*
	cpe:2.3:a:apache:activemq:4.0:m4::::::
	cpe:2.3:a:apache:activemq:4.0:rc2::::::
	cpe:2.3:a:apache:activemq:4.0.1:::::::*
	cpe:2.3:a:apache:activemq:4.0.2:::::::*
	cpe:2.3:a:apache:activemq:4.1.0:::::::*
	cpe:2.3:a:apache:activemq:4.1.1:::::::*
	cpe:2.3:a:apache:activemq:4.1.2:::::::*
	cpe:2.3:a:apache:activemq:5.0.0:::::::*
	cpe:2.3:a:apache:activemq:5.1.0:::::::*
	cpe:2.3:a:apache:activemq:5.2.0:::::::*
	cpe:2.3:a:apache:activemq:5.3.0:::::::*
	cpe:2.3:a:apache:activemq:5.3.1:::::::*
	cpe:2.3:a:apache:activemq:5.3.2:::::::*
	cpe:2.3:a:apache:activemq:5.4.0:::::::*
	cpe:2.3:a:apache:activemq:5.4.1:::::::*
	cpe:2.3:a:apache:activemq:5.4.2:::::::*
	cpe:2.3:a:apache:activemq:5.4.3:::::::*
	cpe:2.3:a:apache:activemq:5.5.0:::::::*

History

21 Nov 2024, 01:33

Type	Values Removed	Values Added
References	~~() http://openwall.com/lists/oss-security/2011/12/25/2 -~~	() http://openwall.com/lists/oss-security/2011/12/25/2 -
References	~~() http://openwall.com/lists/oss-security/2011/12/25/6 -~~	() http://openwall.com/lists/oss-security/2011/12/25/6 -
References	~~() http://secunia.com/advisories/47112 - Vendor Advisory~~	() http://secunia.com/advisories/47112 - Vendor Advisory
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1209700 -~~	() http://svn.apache.org/viewvc?view=revision&revision=1209700 -
References	~~() http://svn.apache.org/viewvc?view=revision&revision=1211844 -~~	() http://svn.apache.org/viewvc?view=revision&revision=1211844 -
References	~~() http://www.securityfocus.com/bid/50904 -~~	() http://www.securityfocus.com/bid/50904 -
References	~~() https://issues.apache.org/jira/browse/AMQ-3294 - Exploit~~	() https://issues.apache.org/jira/browse/AMQ-3294 - Exploit

Information

Published : 2012-01-05 16:55

Updated : 2024-11-21 01:33

NVD link : CVE-2011-4905

Mitre link : CVE-2011-4905

CVE.ORG link : CVE-2011-4905

JSON object : View

Products Affected

apache

activemq

CWE

CWE-399

Resource Management Errors

5.0 /10