CVE-2011-4905
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
Known Affected Software
29 configuration(s) from 1 vendor(s)
activemq
Version:
3.2.2
CPE:
cpe:2.3:a:apache:activemq:3.2.2:*:*:*:*:*:*:*
activemq
Version:
4.0.2
CPE:
cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*
activemq
Version:
5.4.2
CPE:
cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
activemq
Version:
2.0
CPE:
cpe:2.3:a:apache:activemq:2.0:*:*:*:*:*:*:*
activemq
Version:
3.0
CPE:
cpe:2.3:a:apache:activemq:3.0:*:*:*:*:*:*:*
activemq
Version:
5.3.0
CPE:
cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
activemq
Version:
1.5
CPE:
cpe:2.3:a:apache:activemq:1.5:*:*:*:*:*:*:*
activemq
Version:
5.4.3
CPE:
cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
activemq
Version:
5.0.0
CPE:
cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
activemq
Version:
3.2
CPE:
cpe:2.3:a:apache:activemq:3.2:*:*:*:*:*:*:*
activemq
Version:
5.3.2
CPE:
cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
activemq
Version:
4.1.2
CPE:
cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*
activemq
Version:
3.1
CPE:
cpe:2.3:a:apache:activemq:3.1:*:*:*:*:*:*:*
activemq
Version:
1.3
CPE:
cpe:2.3:a:apache:activemq:1.3:*:*:*:*:*:*:*
activemq
Version:
4.0
CPE:
cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*
activemq
Version:
5.4.1
CPE:
cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
activemq
Version:
5.2.0
CPE:
cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
activemq
Version:
5.3.1
CPE:
cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
activemq
Version:
1.1
CPE:
cpe:2.3:a:apache:activemq:1.1:*:*:*:*:*:*:*
activemq
Version:
1.4
CPE:
cpe:2.3:a:apache:activemq:1.4:*:*:*:*:*:*:*
activemq
Version:
4.0.1
CPE:
cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*
activemq
Version:
3.2.1
CPE:
cpe:2.3:a:apache:activemq:3.2.1:*:*:*:*:*:*:*
activemq
Version:
1.2
CPE:
cpe:2.3:a:apache:activemq:1.2:*:*:*:*:*:*:*
activemq
Version:
5.1.0
CPE:
cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
activemq
Version:
4.1.0
CPE:
cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*
activemq
Version:
2.1
CPE:
cpe:2.3:a:apache:activemq:2.1:*:*:*:*:*:*:*
activemq
Version:
5.5.0
CPE:
cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
activemq
Version:
5.4.0
CPE:
cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
activemq
Version:
4.1.1
CPE:
cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*
This vulnerability affects 29 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://openwall.com/lists/oss-security/2011/12/25/2secalert@redhat.com
-
http://openwall.com/lists/oss-security/2011/12/25/6secalert@redhat.com
-
http://secunia.com/advisories/47112secalert@redhat.com Vendor Advisory
-
http://svn.apache.org/viewvc?view=revision&revision=1209700secalert@redhat.com
-
http://svn.apache.org/viewvc?view=revision&revision=1211844secalert@redhat.com
-
http://www.securityfocus.com/bid/50904secalert@redhat.com
-
https://issues.apache.org/jira/browse/AMQ-3294secalert@redhat.com Exploit
-
http://openwall.com/lists/oss-security/2011/12/25/2af854a3a-2127-422b-91ae-364da2661108
-
http://openwall.com/lists/oss-security/2011/12/25/6af854a3a-2127-422b-91ae-364da2661108
-
http://secunia.com/advisories/47112af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
http://svn.apache.org/viewvc?view=revision&revision=1209700af854a3a-2127-422b-91ae-364da2661108
-
http://svn.apache.org/viewvc?view=revision&revision=1211844af854a3a-2127-422b-91ae-364da2661108
-
http://www.securityfocus.com/bid/50904af854a3a-2127-422b-91ae-364da2661108
-
https://issues.apache.org/jira/browse/AMQ-3294af854a3a-2127-422b-91ae-364da2661108 Exploit
Severity Details
out of 10.0
Low
Key Information
- Published Date
- January 05, 2012
