In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6685-1 advisory.

  - In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory     exception making it unresponsive. (CVE-2019-0222)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Multiple security issues were discovered in activemq, a message broker built around Java Message Service.

CVE-2017-15709

When using the OpenWire protocol in activemq, it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

CVE-2018-11775

TLS hostname verification when using the Apache ActiveMQ Client was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.

CVE-2019-0222

Unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive

CVE-2021-26117

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. The anonymous context is used to verify a valid users password in error, resulting in no check on the password.

For Debian 9 stretch, these problems have been fixed in version 5.14.3-3+deb9u2.

We recommend that you upgrade your activemq packages.

For the detailed security status of activemq please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/activemq

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability was discovered in mqtt-client wher unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

For Debian 9 stretch, this problem has been fixed in version 1.14-1+deb9u1.

We recommend that you upgrade your mqtt-client packages.

For the detailed security status of mqtt-client please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/mqtt-client

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is missing the April 2020 Critical Patch Update for Oracle Identity Manager Connector. It is, therefore, affected by multiple vulnerabilities:

 - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware  (component: General (Apache ActiveMQ)). The supported version that is affected is 9.0. Easily exploitable  vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable  crash (complete DOS) of Identity Manager Connector. (CVE-2019-0222)

 - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: LDAP Gateway  (Spring Framework)). The supported version that is affected is 9.0. Easily exploitable vulnerability allows  unauthenticated attacker with network access via HTTP to compromise Identity Manager Connector. Successful attacks of  this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of  Identity Manager Connector. (CVE-2018-15756)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component:

  - An unspecified vulnerability in the Enterprise Manager Base Platform component of   Oracle Enterprise Manager Products Suite (subcomponent: Connector Framework (Apache CXF)),   which could allow an unauthenticated, remote attacker to compromise   Enterprise Manager Base Platform. (CVE-2018-8039)

  - An unspecified vulnerability in the Oracle Enterprise Manager Base Platform component   of Oracle Enterprise Manager Products Suite (subcomponent: Valid Session (Apache ActiveMQ)),   which could allow an unauthenticated, remote attacker to compromise   Oracle Enterprise Manager Base Platform. (CVE-2019-0222)

  - An unspecified vulnerability in the Enterprise Manager Base Platform component of   Oracle Enterprise Manager Products Suite (subcomponent: Discovery Framework (OpenSSL)), which   could allow and unauthenticated, remote attacker to compromise   Enterprise Manager Base Platform. (CVE-2019-1559)

The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.15.9. It is, therefore, affected by a denial of service (DoS) vulnerability due to improper validation of MQTT frames. An unauthenticated, remote attacker can exploit this issue to cause the broker to stop responding.

ID	Name	Product	Family	Severity
191738	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : mqtt-client vulnerability (USN-6685-1)	Nessus	Ubuntu Local Security Checks	high
147182	Debian DLA-2583-1 : activemq security update	Nessus	Debian Local Security Checks	high
147179	Debian DLA-2582-1 : mqtt-client security update	Nessus	Debian Local Security Checks	high
136284	Oracle Identity Manager Connector Multiple Vulnerabilities (April 2020 CPU)	Nessus	Misc.	high
126775	Oracle Enterprise Manager Cloud Control (Jul 2019 CPU)	Nessus	Misc.	high
123756	Apache ActiveMQ 5.x < 5.15.9 Corrupt MQTT Frame Denial of Service (DoS) (CVE-2019-0222)	Nessus	CGI abuses	high

Detections

Analytics

CVE-2019-0222

high

Tenable Plugins

high

high

high

high

high

high