Apache

Activemq

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.42%
  • Veröffentlicht 07.04.2026 07:50:58
  • Zuletzt bearbeitet 20.04.2026 16:50:36

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances (when creating a Stomp consumer and also b...

Warnung Medienbericht
  • EPSS 96.67%
  • Veröffentlicht 07.04.2026 07:50:10
  • Zuletzt bearbeitet 30.06.2026 20:20:00

Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The defau...

  • EPSS 0.78%
  • Veröffentlicht 04.03.2026 08:45:00
  • Zuletzt bearbeitet 10.04.2026 11:16:21

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the  following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://www.cve.org/...

  • EPSS 8.45%
  • Veröffentlicht 07.05.2025 09:15:18
  • Zuletzt bearbeitet 03.11.2025 20:18:02

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a ...

Medienbericht
  • EPSS 6.92%
  • Veröffentlicht 02.05.2024 09:15:06
  • Zuletzt bearbeitet 11.02.2025 16:31:00

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, an...

Medienbericht
  • EPSS 85.81%
  • Veröffentlicht 28.11.2023 16:15:06
  • Zuletzt bearbeitet 03.11.2025 22:16:00

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandle...

Warnung Medienbericht Exploit
  • EPSS 99.65%
  • Veröffentlicht 27.10.2023 15:15:14
  • Zuletzt bearbeitet 04.11.2025 16:41:16

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating seria...

Exploit
  • EPSS 82.14%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:34:20

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed inpu...

Exploit
  • EPSS 15.23%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:43:08

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is a...

Exploit
  • EPSS 46.83%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:42:48

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipul...