It is possible to shutdown an ActiveMQ broker remotely without authentication. The offending network packet is sent to the same port as a message consumer or producer would connect to. If the port is exposed, the attack will be possible. Apache ActiveMQ versions 5.0.0 through 5.10.1 are affected.
1a5c7436172e37ca0992c82ef6908079a93087a9cf4257c43499a47fa09a74a1Debian Linux Security Advisory 3330-1 - It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command.
9ec5ec85bdcecd061f51bcc28a6fc9bd8dcdc10d71ce40b998ad5ca072cf8527
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed