CVE-2012-6551 — Apache ActiveMQ default configuration subject to denial of service

Description

The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.

How to fix CVE-2012-6551

To remediate CVE-2012-6551, upgrade the affected package to a fixed version below.

Maven/org.apache.activemq:activemq-web-demo—upgrade to 5.8.0 or later
Maven/org.apache.activemq:apache-activemq—upgrade to 5.8.0 or later

Is CVE-2012-6551 being exploited?

Moderate — EPSS is 8.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 5.8.0
from 0, < 5.8.0

References (12)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2012-6551
PATCHgithub.com/apache/activemq
WEBactivemq.apache.org/activemq-580-release.html
WEBrhn.redhat.com/errata/RHSA-2013-1029.html
WEB