Information on source package activemq

Available versions

ReleaseVersion
jessie5.6.0+dfsg1-4+deb8u3
stretch5.14.3-3+deb9u2
buster5.15.8-2
buster (security)5.15.16-0+deb10u1
bullseye5.16.1-1
bookworm5.17.2+dfsg-2
trixie5.17.6+dfsg-1
sid5.17.6+dfsg-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-46604vulnerablevulnerablefixedvulnerablevulnerablefixedfixedThe Java OpenWire protocol marshaller is vulnerable to Remote Code Ex ...
CVE-2022-41678vulnerablevulnerablevulnerablevulnerablevulnerablefixedfixedOnce an user is authenticated on Jolokia, he can potentially trigger a ...
CVE-2021-26117vulnerablefixedfixedfixedfixedfixedfixedThe optional ActiveMQ LDAP login module can be configured to use anony ...
CVE-2020-13920vulnerablefixedfixedfixedfixedfixedfixedApache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...
CVE-2018-11775vulnerable (no DSA)fixedfixedfixedfixedfixedfixedTLS hostname verification when using the Apache ActiveMQ Client before ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2020-13947vulnerablevulnerablevulnerablefixedfixedfixedfixedAn instance of a cross-site scripting vulnerability was identified to ...
CVE-2020-1941vulnerablevulnerablevulnerablefixedfixedfixedfixedIn Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open ...
CVE-2018-8006vulnerablevulnerablefixedfixedfixedfixedfixedAn instance of a cross-site scripting vulnerability was identified to ...
CVE-2016-6810vulnerablefixedfixedfixedfixedfixedfixedIn Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scri ...
CVE-2016-0782vulnerablefixedfixedfixedfixedfixedfixedThe administration web console in Apache ActiveMQ 5.x before 5.11.4, 5 ...

Resolved issues

BugDescription
CVE-2020-11998A regression has been introduced in the commit preventing JMX re-bind. ...
CVE-2019-0222In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ...
CVE-2017-15709When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...
CVE-2016-3088The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 al ...
CVE-2016-0734The web-based administration console in Apache ActiveMQ 5.x before 5.1 ...
CVE-2015-7559It was found that the Apache ActiveMQ client before 5.14.5 exposed a r ...
CVE-2015-6524The LDAPLoginModule implementation in the Java Authentication and Auth ...
CVE-2015-5254Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that c ...
CVE-2015-1830Directory traversal vulnerability in the fileserver upload/download fu ...
CVE-2014-8110Multiple cross-site scripting (XSS) vulnerabilities in the web based a ...
CVE-2014-3612The LDAPLoginModule implementation in the Java Authentication and Auth ...
CVE-2014-3600XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before ...
CVE-2014-3576The processControlCommand function in broker/TransportConnection.java ...
CVE-2013-3060The web console in Apache ActiveMQ before 5.8.0 does not require authe ...
CVE-2013-1880Cross-site scripting (XSS) vulnerability in the Portfolio publisher se ...
CVE-2013-1879Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache Ac ...
CVE-2012-6551The default configuration of Apache ActiveMQ before 5.8.0 enables a sa ...
CVE-2012-6092Multiple cross-site scripting (XSS) vulnerabilities in the web demos i ...
CVE-2011-4905Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...

Security announcements

DSA / DLADescription
DLA-3657-1activemq - security update
DLA-2583-1activemq - security update
DLA-2400-1activemq - security update
DLA-913-1activemq - security update
DSA-3524-1activemq - security update
DSA-3330-1activemq - security update
Search for package or bug name: Reporting problems