CVE-2022-23913 Artemis prior to 2.20.0 or 2.19.1 could be DoSed by memory consumption.

An attacker could send a specially crafted request which would cause the server to consume excessive amounts of memory, eventually resulting in a DoS condition. This issue was resolved with the release of 2.20.0-rc1 and 2.19.1.

CVE-2018-5188: The Apache ActiveMQ Artemis distribution prior to 2.20.0 or 2.19.1, when using ActiveMQ CEP, did not restrict access to the ActiveMQ CEP endpoint. An attacker could leverage this issue to access the ActiveMQ CEP endpoint and perform actions against the ActiveMQ CEP. This issue was resolved with the release of 2.20.0-rc1 and 2.19.1.

CVE-2018-5189: The Apache ActiveMQ Artemis distribution prior to 2.20.0 or 2.19.1, when using ActiveMQ CEP, did not check whether a request was a POST or a GET. An attacker could leverage this issue to access the ActiveMQ CEP endpoint and perform actions against the ActiveMQ CEP. This issue was resolved with the release of the 2.20.

What is Apache ActiveMQ?

ActiveMQ is a Java-based messaging system that can run on a variety of platforms. Apache ActiveMQ Artemis allows developers to create and maintain high-performance, event-driven applications. ActiveMQ Artemis is a popular open source alternative to other commercially available messaging products like IBM WebSphere MQ and Microsoft MSMQ.

Overview

In Apache ActiveMQ Artemis, a DoS issue was resolved and an issue in the ActiveMQ CEP was addressed. CVE-2018-5188, which allowed an attacker to access the ActiveMQ CEP endpoint, was resolved with the release of 2.20.0-rc1 and 2.19.1 and is no longer exploitable.
