Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client.
The vulnerability exists because the Apache ActiveMQ client failed to impose sufficient security restrictions on a remote shutdown command in the ActiveMQConnection class. A remote attacker could exploit this vulnerability to cause a denial of service condition on the targeted machine.
Affected Versions:
Apache ActiveMQ 5.0.0 - 5.14.4
QID Detection Logic:
This QID attempts to read the Apache ActiveMQ version from the admin/index.jsp page if the target allows unauthenticated access to the admin directory.
Impact
Successful exploitation allows remote attackers to cause a denial of service condition on a targeted system.
Solution
Customers are advised to upgrade to Apache ActiveMQ 5.14.5 or a later version to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: