Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-6996

ActiveMQ 5.15.4 xercesImpl-2.11.0.jar which has one high severity CVE against it.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 5.15.4
    • Fix Version/s: 5.15.5, 5.16.0
    • Component/s: Broker, Web Console
    • Labels:
      None
    • Environment:

      Description

      ActiveMQ 5.15.4 xercesImpl-2.11.0.jar which has one high severity CVE against it.
      Discovered by adding OWASP Dependency check into ActiveMQ pom.xml and running the OWASP report.

      CVE-2012-0881 Severity:High  CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
      CWE: CWE-399 Resource Management Errors
      Apache Xerces2 Java allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
      CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=787104
      MLIST - [oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff
      Vulnerable Software & Versions:
      cpe:/a:apache:xerces2_java:2.11.0 and all previous versions

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              ABakerIII Albert Baker
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: