Skip to main content

Activemq CVE-2019-0222

HIGH
2019-03-28 security@apache.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 28, 2019 - 22:29 nvd
HIGH 7.5

DescriptionNVD

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

AnalysisAI

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. Affected products include: Apache Activemq, Netapp E-Series Santricity Web Services, Oracle Communications Diameter Signaling Router, Oracle Enterprise Manager Base Platform, Oracle Enterprise Repository.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-1830 MEDIUM POC
5.0 Aug 19

Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5

CVE-2015-5254 CRITICAL
9.8 Jan 08

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remot

CVE-2023-46604 CRITICAL POC
9.8 Oct 27

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this v

CVE-2014-3576 HIGH
7.5 Aug 14

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote att

CVE-2021-21345 CRITICAL POC
9.9 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerabi

CVE-2021-21350 CRITICAL POC
9.8 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2021-21347 CRITICAL POC
9.8 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2021-21346 CRITICAL POC
9.8 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2021-21344 CRITICAL POC
9.8 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2021-21351 CRITICAL POC
9.1 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerabi

CVE-2021-21342 CRITICAL POC
9.1 Mar 23

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerabi

CVE-2024-32114 HIGH POC
8.8 May 02

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and

Share

CVE-2019-0222 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy