Apache ActiveMQ 5.x < 5.10.1 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 8961

Synopsis

The remote web server is running a version of the Apache ActiveMQ application that is affected by multiple vulnerabilities.

Description

Versions 5.x of Apache ActiveMQ prior to 5.10.1 are affected by the following vulnerabilities:

- An unauthenticated, remote attacker can crash the broker listener by sending a packet to the same port that a message consumer or producer connects to, resulting in a denial of service condition. (CVE-2014-3576)
- An XXE (XML External Entity) injection flaw related to XPath selectors exists that is triggered during the parsing of XML data. The issue is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. By sending specially crafted XML data, a remote attacker can disclose the contents of arbitrary files. (CVE-2014-3600)
- Two flaws exist that allow a reflected cross-site scripting (XSS) attack. The first flaw exists because the 'connection.jsp' script does not validate input to the 'connectionID' parameter before returning it to users. The second flaw exists because the 'browse.jsp' script does not validate input to the 'JMSDestination' GET parameter before returning it to users. Either of these vulnerabilities may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2014-8110)
- A flaw exists that allows a stored cross-site scripting (XSS) attack. This flaw exists because the 'createDestination.action' script does not validate input to the 'JMSDestination' parameter before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2010-0684)
- A flaw exists in LDAPLoginModule in Java Authentication and Authorization Service (JAAS) that is triggered when handling an authentication attempt that contains an invalid password. This authentication attempt will be considered successful, which can allow a remote attacker to bypass authentication mechanisms. This flaw is also triggered during the handling of an authentication attempt that contains a wildcard operator in place of a username. This may allow a remote attacker to bypass authentication mechanisms (CVE-2014-3612) and can allow remote attackers to obtain credentials via a brute force attack. (CVE-2015-6524)

Solution

Upgrade to ActiveMQ 5.10.1 or later.
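
To confirm which brokers still need the upgrade, the affected range above (5.x prior to 5.10.1) can be checked against an asset inventory. The following is an added example, not part of the plugin or of ActiveMQ; the host names, version strings and status labels are constructed, and treating a 5.10.1 SNAPSHOT build as needing manual review is an assumption.

```python
import re

FIXED = (5, 10, 1)  # first fixed release, from the Solution section

# Constructed sample inventory: (host, version string as reported).
INVENTORY = [
    ("mq-01.example.internal", "5.9.1"),
    ("mq-02.example.internal", "5.10.0"),
    ("mq-03.example.internal", "5.10.1"),
    ("mq-04.example.internal", "apache-activemq-5.4.2"),
    ("mq-05.example.internal", "5.10.1-SNAPSHOT"),
    ("mq-06.example.internal", "4.1.2"),
    ("mq-07.example.internal", "unknown"),
]

def parse_version(banner):
    """Return (major, minor, patch) as integers, or None if no version is found."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(banner):
    """Map a version string to 'affected', 'not_flagged' or 'review'."""
    v = parse_version(banner)
    if v is None:
        return "review"          # no usable version: check the host by hand
    if v[0] != 5:
        return "not_flagged"     # outside the 5.x range this advisory covers
    # Compare as integer tuples. Comparing the raw strings would get this
    # wrong: "5.9.1" < "5.10.1" is False because "9" sorts after "1".
    if v < FIXED:
        return "affected"
    if v == FIXED and "SNAPSHOT" in banner.upper():
        return "review"          # assumption: pre-release build, verify manually
    return "not_flagged"

def triage(inventory):
    """Group hosts by status, preserving inventory order."""
    result = {"affected": [], "not_flagged": [], "review": []}
    for host, banner in inventory:
        result[classify(banner)].append(host)
    return result

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(status, hosts)
```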

See Also

https://puppetlabs.com/security/cve/activemq-february-2015-vulnerability-fix

http://www.nessus.org/u?c8309341

http://www.nessus.org/u?b3d4e09f

http://www.nessus.org/u?3b2b5313

http://www.nessus.org/u?8f1bda02

Plugin Details

Severity: Critical

ID: 8961

Family: Web Servers

Published: 2015/10/22

Modified: 2016/02/19

Dependencies: 8957

Nessus ID: 81374, 86265

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:activemq

Patch Publication Date: 2015/01/20

Vulnerability Publication Date: 2015/02/05

Reference Information

CVE: CVE-2010-0684, CVE-2014-3576, CVE-2014-3600, CVE-2014-3612, CVE-2014-8110, CVE-2015-6524

BID: 39119, 72510, 72511, 72513, 76272