| CVE-2014-3576: Remote Unauthenticated Shutdown of Broker (DoS) | |
| Severity: Important | |
| Vendor: | |
| The Apache Software Foundation | |
| Versions Affected: | |
| Apache ActiveMQ 5.0.0 - 5.10.1 | |
| Description: | |
| It is possible to shutdown an ActiveMQ broker remotely without authentication. The offending network packet is sent to the same port as a message consumer or producer would connect to. If the port is exposed, | |
| the attack will be possible. | |
| Mitigation: | |
| Upgrade to Apache ActiveMQ 5.11.0 | |