Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4905

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-4905
Last Modified 05 Jan 2012 02:13:42
Published 05 Jan 2012 11:55:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4905

Summary

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

Vulnerable Systems

Application

  • Apache Activemq 1.1

  • Apache Activemq 1.2

  • Apache Activemq 1.3

  • Apache Activemq 1.4

  • Apache Activemq 1.5

  • Apache Activemq 2.0

  • Apache Activemq 2.1

  • Apache Activemq 3.0

  • Apache Activemq 3.1

  • Apache Activemq 3.2

  • Apache Activemq 3.2.1

  • Apache Activemq 3.2.2

  • Apache Activemq 4.0

  • Apache Activemq 4.0.1

  • Apache Activemq 4.0.2

  • Apache Activemq 4.1.0

  • Apache Activemq 4.1.1

  • Apache Activemq 4.1.2

  • Apache Activemq 5.0.0

  • Apache Activemq 5.1.0

  • Apache Activemq 5.2.0

  • Apache Activemq 5.3.0

  • Apache Activemq 5.3.1

  • Apache Activemq 5.3.2

  • Apache Activemq 5.4.0

  • Apache Activemq 5.4.1

  • Apache Activemq 5.4.2

  • Apache Activemq 5.4.3

  • Apache Activemq 5.5.0

  • Apache Activemq 5.5.1


References

CONFIRM - https://issues.apache.org/jira/browse/AMQ-3294

BID - 50904

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1211844

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1209700

SECUNIA - 47112

MLIST - [oss-security] 20111225 Re: CVE Request for Apache ActiveMQ DoS

MLIST - [oss-security] 20111224 CVE Request for Apache ActiveMQ DoS


Last Updated: 27 May 2016 10:57:18