Details
- Bug
- Status: Resolved
- Blocker
- Resolution: Fixed
- 5.15.4
- None
Description
ActiveMQ 5.15.4 includes xercesImpl-2.11.0.jar, which has one high-severity CVE against it.
Discovered by adding OWASP Dependency-Check to the ActiveMQ pom.xml and running the OWASP report.
CVE-2012-0881 Severity:High CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors
Apache Xerces2 Java allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=787104
MLIST - [oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff
Vulnerable Software & Versions:
cpe:/a:apache:xerces2_java:2.11.0 and all previous versions