CVE-2013-3060 — Improper Authentication in Apache ActiveMQ

Description

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.

How to fix CVE-2013-3060

To remediate CVE-2013-3060, upgrade the affected package to a fixed version below.

Maven/org.apache.activemq:activemq-client—upgrade to 5.8.0 or later

Is CVE-2013-3060 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 5.8.0

References (12)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-3060
PATCHgithub.com/apache/activemq
WEBactivemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tc4658044.html
WEBactivemq.apache.org/activemq-580-release.html