Security Advisories - ActiveMQ 5.x
Details of security problems fixed in released versions of Apache ActiveMQ 5.x are detailed below.
See the main Security Advisories page for details for other components and general information such as reporting new security issues.
- CVE-2019-0222 - Corrupt MQTT frame can cause broker shutdown
- CVE-2018-8006 - ActiveMQ Web Console - Cross-Site Scripting
- CVE-2017-15709 - Information Leak
- CVE-2018-11775 - Missing TLS Hostname Verification
- CVE-2015-7559 - DoS in client via shutdown command
- CVE-2016-6810 - ActiveMQ Web Console - Cross-Site Scripting
- CVE-2016-0734 - ActiveMQ Web Console - Clickjacking
- CVE-2016-0782 - ActiveMQ Web Console - Cross-Site Scripting
- CVE-2016-3088 - ActiveMQ Fileserver web application vulnerabilities
- CVE-2015-5254 - Unsafe deserialization in ActiveMQ
- CVE-2015-1830 - Path traversal leading to unauthenticated RCE in ActiveMQ