The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Activemq | Apache | * | 5.7.0 (including) |
| Activemq | Apache | 4.0 (including) | 4.0 (including) |
| Activemq | Apache | 4.0-m4 (including) | 4.0-m4 (including) |
| Activemq | Apache | 4.0-rc2 (including) | 4.0-rc2 (including) |
| Activemq | Apache | 4.0.1 (including) | 4.0.1 (including) |
| Activemq | Apache | 4.0.2 (including) | 4.0.2 (including) |
| Activemq | Apache | 4.1.0 (including) | 4.1.0 (including) |
| Activemq | Apache | 4.1.1 (including) | 4.1.1 (including) |
| Activemq | Apache | 5.0.0 (including) | 5.0.0 (including) |
| Activemq | Apache | 5.1.0 (including) | 5.1.0 (including) |
| Activemq | Apache | 5.2.0 (including) | 5.2.0 (including) |
| Activemq | Apache | 5.3.0 (including) | 5.3.0 (including) |
| Activemq | Apache | 5.3.1 (including) | 5.3.1 (including) |
| Activemq | Apache | 5.3.2 (including) | 5.3.2 (including) |
| Activemq | Apache | 5.4.0 (including) | 5.4.0 (including) |
| Activemq | Apache | 5.4.1 (including) | 5.4.1 (including) |
| Activemq | Apache | 5.4.2 (including) | 5.4.2 (including) |
| Activemq | Apache | 5.5.0 (including) | 5.5.0 (including) |
| Activemq | Apache | 5.5.1 (including) | 5.5.1 (including) |
| Activemq | Apache | 5.6.0 (including) | 5.6.0 (including) |
| Activemq | Ubuntu | oneiric | * |
| Activemq | Ubuntu | quantal | * |
| Activemq | Ubuntu | raring | * |
| Activemq | Ubuntu | saucy | * |
| Activemq | Ubuntu | utopic | * |
| Activemq | Ubuntu | vivid | * |
| Fuse Message Broker 5.5.1 | RedHat | * | |
| Fuse MQ Enterprise 7.1.0 | RedHat | * |