CVE-2014-3576: Remote Unauthenticated Shutdown of Broker (DoS) | |
Severity: Important | |
Vendor: | |
The Apache Software Foundation | |
Versions Affected: | |
Apache ActiveMQ 5.0.0 - 5.10.1 | |
Description: | |
It is possible to shutdown an ActiveMQ broker remotely without authentication. The offending network packet is sent to the same port as a message consumer or producer would connect to. If the port is exposed, | |
the attack will be possible. | |
Mitigation: | |
Upgrade to Apache ActiveMQ 5.11.0 | |