activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tab...@apache.org
Subject svn commit: r971586 - /websites/production/activemq/content/security-advisories.data/CVE-2014-3576-announcement.txt
Date Fri, 06 Nov 2015 18:00:16 GMT
Author: tabish
Date: Fri Nov  6 18:00:16 2015
New Revision: 971586

Log:
Add advisory for CVE-2014-3576

Added:
    websites/production/activemq/content/security-advisories.data/CVE-2014-3576-announcement.txt
  (with props)

Added: websites/production/activemq/content/security-advisories.data/CVE-2014-3576-announcement.txt
==============================================================================
--- websites/production/activemq/content/security-advisories.data/CVE-2014-3576-announcement.txt
(added)
+++ websites/production/activemq/content/security-advisories.data/CVE-2014-3576-announcement.txt
Fri Nov  6 18:00:16 2015
@@ -0,0 +1,18 @@
+CVE-2014-3576: Remote Unauthenticated Shutdown of Broker (DoS)
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.10.1
+
+Description:
+It is possible to shutdown an ActiveMQ broker remotely without authentication. The offending
network packet is sent to the same port as a message consumer or producer would connect to.
If the port is exposed,
+the attack will be possible.
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.11.0
+
+

Propchange: websites/production/activemq/content/security-advisories.data/CVE-2014-3576-announcement.txt
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message