| <div class="wiki-content maincontent"><h2>Apache ActiveMQ</h2><h3>2017</h3><ul><li><p class="p1"><span class="s1"><link><attachment ri:filename="CVE-2015-7559-announcement.txt"></attachment><plain-text-link-body>CVE-2015-7559</plain-text-link-body></link> - DoS in client via shutdown command</span></p></li></ul><h3>2016</h3><ul><li><link><attachment ri:filename="CVE-2016-6810-announcement.txt"></attachment><plain-text-link-body>CVE-2016-6810</plain-text-link-body></link> - ActiveMQ Web Console - Cross-Site Scripting</li><li><link><attachment ri:filename="CVE-2016-0734-announcement.txt"></attachment><plain-text-link-body>CVE-2016-0734</plain-text-link-body></link> - ActiveMQ Web Console - Clickjacking</li><li><link><attachment ri:filename="CVE-2016-0782-announcement.txt"></attachment><plain-text-link-body>CVE-2016-0782</plain-text-link-body></link> - ActiveMQ Web Console - Cross-Site Scripting</li><li><link><attachment ri:filename="CVE-2016-3088-announcement.txt"></attachment><plain-text-link-body>CVE-2016-3088</plain-text-link-body></link> - ActiveMQ Fileserver web application vulnerabilities</li></ul><h3>2015</h3><ul><li><link><attachment ri:filename="CVE-2015-5254-announcement.txt"></attachment><plain-text-link-body>CVE-2015-5254</plain-text-link-body></link> - Unsafe deserialization in ActiveMQ</li><li><link><attachment ri:filename="CVE-2015-1830-announcement.txt"></attachment><plain-text-link-body>CVE-2015-1830</plain-text-link-body></link> - Path traversal leading to unauthenticated RCE in ActiveMQ </li></ul><h3>2014</h3><ul><li><link><attachment ri:filename="CVE-2014-3576-announcement.txt"></attachment><plain-text-link-body>CVE-2014-3576</plain-text-link-body></link> - Remote Unauthenticated Shutdown of Broker (DoS)</li><li><link><attachment ri:filename="CVE-2014-3600-announcement.txt"></attachment><plain-text-link-body>CVE-2014-3600</plain-text-link-body></link> - Apache ActiveMQ XXE with XPath selectors</li><li><link><attachment ri:filename="CVE-2014-3612-announcement.txt"></attachment><plain-text-link-body>CVE-2014-3612</plain-text-link-body></link> - ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation</li><li><link><attachment ri:filename="CVE-2014-8110-announcement.txt"></attachment><plain-text-link-body>CVE-2014-8110</plain-text-link-body></link> - <span style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site Scripting</span><span style="line-height: 1.4285715;"><br clear="none"></span></li></ul><h2><span style="line-height: 1.4285715;">ActiveMQ Apollo</span></h2><h3><span style="line-height: 1.4285715;">2014</span></h3><ul><li><span style="line-height: 1.4285715;"><span style="line-height: 1.4285715;"> </span></span><link><attachment ri:filename="CVE-2014-3579-announcement.txt"></attachment><plain-text-link-body>CVE-2014-3579</plain-text-link-body></link><span style="line-height: 1.4285715;"> - ActiveMQ Apollo XXE with XPath selectors</span></li></ul><p><span style="line-height: 1.4285715;"> </span></p></div> | |