6.4
CVE-2013-3060
- EPSS 6.31%
- Veröffentlicht 21.04.2013 21:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.31% | 0.927 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://activemq.apache.org/activemq-580-release.html
http://rhn.redhat.com/errata/RHSA-2013-1029.html
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282
http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tc4658044.html
https://fisheye6.atlassian.com/changelog/activemq?cs=1404998
https://issues.apache.org/jira/browse/AMQ-4124
http://rhn.redhat.com/errata/RHSA-2013-1221.html
http://www.securityfocus.com/bid/59402