| Release | Version |
|---|---|
| jessie | 5.6.0+dfsg1-4+deb8u3 |
| stretch | 5.14.3-3+deb9u2 |
| buster | 5.15.16-0+deb10u1 |
| bullseye | 5.16.1-1 |
| bullseye (security) | 5.16.1-1+deb11u1 |
| bookworm | 5.17.2+dfsg-2+deb12u1 |
| trixie | 5.17.6+dfsg-1 |
| sid | 5.17.6+dfsg-1 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46604 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | The Java OpenWire protocol marshaller is vulnerable to Remote Code Ex ... |
| CVE-2022-41678 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Once an user is authenticated on Jolokia, he can potentially trigger a ... |
| CVE-2021-26117 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | The optional ActiveMQ LDAP login module can be configured to use anony ... |
| CVE-2020-13920 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ... |
| CVE-2018-11775 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | TLS hostname verification when using the Apache ActiveMQ Client before ... |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-13947 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | An instance of a cross-site scripting vulnerability was identified to ... |
| CVE-2020-1941 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open ... |
| CVE-2018-8006 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | An instance of a cross-site scripting vulnerability was identified to ... |
| CVE-2016-6810 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scri ... |
| CVE-2016-0782 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5 ... |
| Bug | Description |
|---|---|
| CVE-2024-32114 | In Apache ActiveMQ 6.x, the default configuration doesn't secure the A ... |
| CVE-2020-11998 | A regression has been introduced in the commit preventing JMX re-bind. ... |
| CVE-2019-0222 | In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame ca ... |
| CVE-2017-15709 | When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ... |
| CVE-2016-3088 | The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 al ... |
| CVE-2016-0734 | The web-based administration console in Apache ActiveMQ 5.x before 5.1 ... |
| CVE-2015-7559 | It was found that the Apache ActiveMQ client before 5.14.5 exposed a r ... |
| CVE-2015-6524 | The LDAPLoginModule implementation in the Java Authentication and Auth ... |
| CVE-2015-5254 | Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that c ... |
| CVE-2015-1830 | Directory traversal vulnerability in the fileserver upload/download fu ... |
| CVE-2014-8110 | Multiple cross-site scripting (XSS) vulnerabilities in the web based a ... |
| CVE-2014-3612 | The LDAPLoginModule implementation in the Java Authentication and Auth ... |
| CVE-2014-3600 | XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before ... |
| CVE-2014-3576 | The processControlCommand function in broker/TransportConnection.java ... |
| CVE-2013-3060 | The web console in Apache ActiveMQ before 5.8.0 does not require authe ... |
| CVE-2013-1880 | Cross-site scripting (XSS) vulnerability in the Portfolio publisher se ... |
| CVE-2013-1879 | Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache Ac ... |
| CVE-2012-6551 | The default configuration of Apache ActiveMQ before 5.8.0 enables a sa ... |
| CVE-2012-6092 | Multiple cross-site scripting (XSS) vulnerabilities in the web demos i ... |
| CVE-2011-4905 | Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ... |
| DSA / DLA | Description |
|---|---|
| DSA-5798-1 | activemq - security update |
| DLA-3936-1 | activemq - security update |
| DLA-3657-1 | activemq - security update |
| DLA-2583-1 | activemq - security update |
| DLA-2400-1 | activemq - security update |
| DLA-913-1 | activemq - security update |
| DSA-3524-1 | activemq - security update |
| DSA-3330-1 | activemq - security update |