Security Advisories - ActiveMQ 5.x
Details of security problems fixed in released versions of Apache ActiveMQ 5.x are detailed below.
See the main Security Advisories page for details for other components and general information such as reporting new security issues.
- CVE-2019-0222 - Corrupt MQTT frame can cause broker shutdown
- CVE-2018-8006 - ActiveMQ Web Console - Cross-Site Scripting
- CVE-2018-11775 - Missing TLS Hostname Verification
- CVE-2017-15709 - Information Leak
- CVE-2016-6810 - ActiveMQ Web Console - Cross-Site Scripting
- CVE-2016-0734 - ActiveMQ Web Console - Clickjacking
- CVE-2016-0782 - ActiveMQ Web Console - Cross-Site Scripting
- CVE-2016-3088 - ActiveMQ Fileserver web application vulnerabilities
- CVE-2015-7559 - DoS in client via shutdown command
- CVE-2015-5254 - Unsafe deserialization in ActiveMQ
- CVE-2015-1830 - Path traversal leading to unauthenticated RCE in ActiveMQ