This issue was resolved with the release of the 2.20.0-rc1 and 2.19.1. An attacker could send a specially crafted request which would cause the server to consume excessive amounts of memory, eventually resulting in a DoS condition. This issue was resolved with the release of the 2.20.0-rc1 and 2.19.1. An attacker could send a specially crafted request which would cause the server to consume excessive amounts of memory, eventually resulting in a DoS condition. CVE-2018-5188 The Apache ActiveMQ Artemis distribution prior to 2.20.0 or 2.19.1, when using ActiveMQ CEP, did not restrict access to ActiveMQ CEP endpoint. An attacker could leverage this issue to access ActiveMQ CEP endpoint and perform actions against the ActiveMQ CEP. This issue was resolved with the release of the 2.20.0-rc1 and 2.19.1. An attacker could leverage this issue to access ActiveMQ CEP endpoint and perform actions against the ActiveMQ CEP. CVE-2018-5189 The Apache ActiveMQ Artemis distribution prior to 2.20.0 or 2.19.1, when using ActiveMQ CEP, did not check whether a request was a POST or a GET. An attacker could leverage this issue to access ActiveMQ CEP endpoint and perform actions against the ActiveMQ CEP. This issue was resolved with the release of the 2.20.
What is Apache ActiveMQ?
ActiveMQ is a Java-based messaging system that can run on a variety of platforms. Apache ActiveMQ Artemis allows developers to create and maintain high-performance, event-driven applications. ActiveMQ Artemis is a popular open source alternative to other commercially available messaging products like IBM WebSphere MQ and Microsoft MSMQ.
Overview
In Apache ActiveMQ Artemis, a DoS issue was resolved and an issue in the ActiveMQ CEP was addressed. The CVE-2018-5188, which allowed for an attacker to access the ActiveMQ CEP endpoint, has been resolved with the release of 2.20.0-rc1 and 2.19.1; this vulnerability has been fixed and is no longer exploitable.
Timeline
Published on: 02/04/2022 23:15:00 UTC
Last modified on: 05/01/2022 01:04:00 UTC