CVE-2013-3060

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.

Published Bycve@mitre.org

Published DateApr 21, 2013, 21:55

Affected Versions(1)

org.apache.activemq:activemq-client(Maven)

Introduced0

Fixed5.8.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.activemq:activemq-client(Maven)	0	5.8.0	N/A

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

6.4

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

6.4

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

PARTIAL