The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
Max CVSS
6.4
EPSS Score
0.46%
Published
2013-04-21
Updated
2016-11-28
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
Max CVSS
5.0
EPSS Score
0.52%
Published
2013-04-21
Updated
2016-11-28
2 vulnerabilities found