First published: Wed Mar 27 2019
Apache ActiveMQ is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted MQTT frame, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Security Directory Suite VA | <=8.0.1-8.0.1.19 | |
redhat/activemq | <5.15.9 | 5.15.9 |
maven/org.apache.activemq:activemq-client | >=5.0.0<5.15.9 | 5.15.9 |
debian/activemq | 5.15.16-0+deb10u1 5.16.1-1 5.17.2+dfsg-2 5.17.6+dfsg-1 | |
debian/mqtt-client | 1.14-1+deb10u1 1.16-1 | |
ubuntu/mqtt-client | <1.14-1ubuntu0.18.04.1~ | 1.14-1ubuntu0.18.04.1~ |
ubuntu/mqtt-client | <1.14-1+ | 1.14-1+ |
ubuntu/mqtt-client | <1.10-1ubuntu0.1~ | 1.10-1ubuntu0.1~ |
Apache ActiveMQ | >=5.0.0<=5.15.8 | |
Netapp E-series Santricity Web Services | | |
Oracle Communications Diameter Signaling Router | =8.0.0 | |
Oracle Communications Diameter Signaling Router | =8.1 | |
Oracle Communications Diameter Signaling Router | =8.2 | |
Oracle Communications Diameter Signaling Router | =8.2.1 | |
Oracle Enterprise Manager Base Platform | =12.1.0.5.0 | |
Oracle Enterprise Manager Base Platform | =13.2.0.0.0 | |
Oracle Enterprise Manager Base Platform | =13.3.0.0.0 | |
Oracle Enterprise Repository | =12.1.3.0.0 | |
Oracle Goldengate Stream Analytics | <19.1.0.0.1 | |
Oracle Identity Manager Connector | =9.0 | |
Debian Debian Linux | =9.0 | |
CVE-2019-0222 is a vulnerability in Apache ActiveMQ 5.0.0 - 5.15.8 that can lead to a denial of service condition.
CVE-2019-0222 has a severity rating of 7.5 (High).
CVE-2019-0222 affects Apache ActiveMQ versions 5.0.0 to 5.15.8.
To fix CVE-2019-0222, upgrade to Apache ActiveMQ version 5.15.9.
You can find more information about CVE-2019-0222 in the Apache ActiveMQ security advisories and the Red Hat Bugzilla report.