Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-3060

Опубликовано: 02 нояб. 2012
Источник: redhat
CVSS2: 7.5
EPSS Низкий

Описание

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.

Отчет

Fuse ESB Enterprise 7.1.0, Fuse MQ Enterprise 7.1.1, JBoss Fuse 6.0.0 and JBoss A-MQ 6.0.0 all contain the Apache ActiveMQ web console, but it is not deployed by default. The documentation for deploying the web console covers the configuration needed to ensure authentication is enabled, therefore these products are not affected by this flaw. In a future update to these products, the web console will be configured so that authentication is automatically enabled if the web console is deployed, eliminating the need to manually configure it. A future update may address this flaw in Fuse Message Broker 5.5.1.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Enterprise 1activemqAffected
Red Hat JBoss Enterprise Web Server 1amqNot affected
Red Hat JBoss Enterprise Web Server 1fuse-6.0Not affected
Red Hat JBoss Enterprise Web Server 1fuse-esb-7.1Not affected
Red Hat JBoss Enterprise Web Server 1fuse-mb-5.5.1Affected
Red Hat JBoss Enterprise Web Server 1fuse-mc-7.1.0Not affected
Red Hat JBoss Enterprise Web Server 1fuse-mq-7.1Not affected
Red Hat JBoss Enterprise Web Server 1fuse-othersWill not fix
Red Hat JBoss Enterprise Web Server 1othersNot affected
Red Hat JBoss SOA Platform 4.3activemqWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-306
https://bugzilla.redhat.com/show_bug.cgi?id=955908activemq: Unauthenticated access to web console

EPSS

Процентиль: 77%
0.01019
Низкий

7.5 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-3060

ubuntu
почти 13 лет назад

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.

nvd логотип

CVE-2013-3060

nvd
почти 13 лет назад

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.

debian логотип

CVE-2013-3060

debian
почти 13 лет назад

The web console in Apache ActiveMQ before 5.8.0 does not require authe ...

github логотип

GHSA-p358-58jj-hp65

github
больше 3 лет назад

Improper Authentication in Apache ActiveMQ

EPSS

Процентиль: 77%
0.01019
Низкий

7.5 High

CVSS2