CVE-2011-4905 — Denial of Service in Apache ActiveMQ

Description

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

How to fix CVE-2011-4905

To remediate CVE-2011-4905, upgrade the affected package to a fixed version below.

Debian/activemq—upgrade to 5.5.0+dfsg-5 or later
Maven/org.apache.activemq:activemq-core—upgrade to 5.6.0 or later

Is CVE-2011-4905 being exploited?

Moderate — EPSS is 12.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 5.5.0+dfsg-5
from 0, < 5.6.0

References (12)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2011-4905
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-4905
WEBopenwall.com/lists/oss-security/2011/12/25/2
WEBopenwall.com/lists/oss-security/2011/12/25/6
WEB