CVE-2011-4905
EPSS 12.5%Denial of Service in Apache ActiveMQ
Published: 5/17/2022Modified: 4/28/2026
Description
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
Affected packages (2)
- Debian/activemqfrom 0, < 5.5.0+dfsg-5
- Maven/org.apache.activemq:activemq-corefrom 0, < 5.6.0
References (12)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2011-4905
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-4905
- WEBhttp://openwall.com/lists/oss-security/2011/12/25/2
- WEBhttp://openwall.com/lists/oss-security/2011/12/25/6
- WEBhttps://github.com/apache/activemq
- WEBhttps://github.com/apache/activemq/commit/3a71f8e33d0309cb0ca5b5758a8f251da205e757
- WEBhttps://github.com/apache/activemq/commit/9df9d3e89140b7329654ad5675259ec6f0c4b3a7
- WEBhttps://github.com/apache/activemq/commit/da7f9962c640666a743675085922bf75a656f81b
- WEBhttps://issues.apache.org/jira/browse/AMQ-1928
- WEBhttps://issues.apache.org/jira/browse/AMQ-3294
- WEBhttp://svn.apache.org/viewvc?view=revision&revision=1209700
- WEBhttp://svn.apache.org/viewvc?view=revision&revision=1211844