We found results for “”
CVE-2019-0222
Good to know:
Date: March 28, 2019
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
Language: Java
Severity Score
Related Resources (23)
Severity Score
Weakness Type (CWE)
Code Injection
CWE-94Insufficient Information
NVD-CWE-noinfoTop Fix
Upgrade Version
Upgrade to version org.apache.activemq:activemq-all:5.15.9;org.apache.activemq:activemq-mqtt:5.15.9
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | PARTIAL |
Additional information: |