Security Advisories - ActiveMQ 5.x

Details of security problems fixed in released versions of Apache ActiveMQ 5.x are detailed below.

See the main Security Advisories page for details for other components and general information such as reporting new security issues.

2019

2018

2017

2016

2015

2014

  • CVE-2014-3576 - Remote Unauthenticated Shutdown of Broker (DoS)
  • CVE-2014-3600 - Apache ActiveMQ XXE with XPath selectors
  • CVE-2014-3612 - ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation
  • CVE-2014-8110 - ActiveMQ Web Console - Cross-Site Scripting

Apache ActiveMQ, ActiveMQ, ActiveMQ Artemis, Apache, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation. Copyright © 2019, The Apache Software Foundation. Licensed under Apache License 2.0.