Test ID:	1.3.6.1.4.1.25623.1.0.108289
Category:	General
Title:	Apache ActiveMQ < 5.10.1 Multiple Security Vulnerabilities - Linux
Summary:	Apache ActiveMQ is prone to multiple security vulnerabilities.
Description:	Summary: Apache ActiveMQ is prone to multiple security vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - a XML external entity (XXE) vulnerability (CVE-2014-3600) - the LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) allowing logging in with an empty password and valid username, which triggers an unauthenticated bind. (CVE-2014-3612) - multiple cross-site scripting (XSS) vulnerabilities in the web based administration console (CVE-2014-8110) - the LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) allowing wildcard operators in usernames (CVE-2015-6524) Vulnerability Impact: Successful exploitation allows remote attackers to, - have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages (CVE-2014-3600) - bypass authentication (CVE-2014-3612) - inject arbitrary web script or HTML via unspecified vectors (CVE-2014-8110) - obtain credentials via a brute force attack (CVE-2015-6524) Affected Software/OS: Apache ActiveMQ version before 5.10.1. Solution: Update to Apache ActiveMQ version 5.10.1, or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3600 BugTraq ID: 72510 http://www.securityfocus.com/bid/72510 https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E http://seclists.org/oss-sec/2015/q1/427 XForce ISS Database: apache-activemq-cve20143600-info-disc(100722) https://exchange.xforce.ibmcloud.com/vulnerabilities/100722 Common Vulnerability Exposure (CVE) ID: CVE-2014-3612 72513 http://www.securityfocus.com/bid/72513 RHSA-2015:0137 http://rhn.redhat.com/errata/RHSA-2015-0137.html RHSA-2015:0138 http://rhn.redhat.com/errata/RHSA-2015-0138.html [activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/ https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E [oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt Common Vulnerability Exposure (CVE) ID: CVE-2014-8110 62649 http://secunia.com/advisories/62649 72511 http://www.securityfocus.com/bid/72511 [oss-security] 20150205 [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities apache-activemq-cve20148110-xss(100724) https://exchange.xforce.ibmcloud.com/vulnerabilities/100724 http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt Common Vulnerability Exposure (CVE) ID: CVE-2015-6524 http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.