Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all durable topic subscriptions in the broker, including client identifiers, subscription names, topic destinations, and JMS selector expressions, by sending a BrokerInfo command. The broker incorrectly responds without first ensuring the connection is authenticated. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, from 6.0.0 before 6.2.6. Users are recommended to upgrade to version 6.2.6 or 5.19.7, which fixes the issue.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NApache Activemq
APPApache< 5.19.76.0.0 – 6.2.6 (bez)Apache Activemq Broker
APPApache< 5.19.76.0.0 – 6.2.6 (bez)
Powiązane podatności
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a ...
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and exec...
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to ...
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may a...
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have u...