CVE-2011-4905
MEDIUM severity · CVSS 5 · CWE-399
5CVSS MEDIUM
Summary
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impactNone
Integrity impactNone
Availability impact—
Exploit probability (EPSS)9%
AV:N/AC:L/Au:N/C:N/I:N/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/47112Advisory
- http://openwall.com/lists/oss-security/2011/12/25/2
- http://openwall.com/lists/oss-security/2011/12/25/6
- http://svn.apache.org/viewvc?view=revision&revision=1209700
- http://svn.apache.org/viewvc?view=revision&revision=1211844
- http://www.securityfocus.com/bid/50904
- https://issues.apache.org/jira/browse/AMQ-3294Exploit