Source: Apache ActiveMQ official website
Published: 2018-11-14
Update title
Corrupt MQTT frame can cause broker shutdown
Update details
CVE-2019-0222 - Corrupt MQTT frame can cause broker shutdown
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache ActiveMQ 5.0.0 - 5.15.8
Description:
Unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive.
Mitigation:
Upgrade to Apache ActiveMQ 5.15.9. Alternatively, you can manually upgrade the MQTT library to version 1.15 in the lib/extra directory. You can download the jar from https://repo1.maven.org/maven2/org/fusesource/mqtt-client/mqtt-client/1.15/mqtt-client-1.15.jar. If you don't use the MQTT protocol, you can disable the transport as well.
Credit:
This issue was discovered by:
* Indrajeet Singh -
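One way to audit a broker against the mitigation above, as an added example that is not part of the Apache advisory: it reports whether lib/extra still holds an mqtt-client jar older than 1.15 and whether an MQTT transport is enabled. It assumes the usual conf/activemq.xml layout with `transportConnector` elements, only recognises URIs whose scheme starts with `mqtt`, and does not check the broker version itself; the sample directory is constructed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

FIXED = (1, 15)  # mqtt-client version the advisory names as the fix
JAR_RE = re.compile(r"^mqtt-client-(\d+(?:\.\d+)*).*\.jar$")

def mqtt_client_versions(home):
    """Version tuples of every mqtt-client jar under <home>/lib/extra."""
    jars = sorted(Path(home, "lib", "extra").glob("mqtt-client-*.jar"))
    hits = (JAR_RE.match(j.name) for j in jars)
    return [tuple(int(p) for p in m.group(1).split(".")) for m in hits if m]

def mqtt_connectors(home):
    """Names of transportConnectors in conf/activemq.xml whose URI scheme is mqtt*."""
    names = []
    for el in ET.parse(Path(home, "conf", "activemq.xml")).iter():
        # Compare the local tag name so the XML namespace does not matter.
        if el.tag.rsplit("}", 1)[-1] == "transportConnector" \
                and el.get("uri", "").lower().startswith("mqtt"):
            names.append(el.get("name", "?"))
    return names

def assess(home):
    """Flag a broker that has MQTT enabled and still ships a pre-1.15 jar."""
    old = [v for v in mqtt_client_versions(home) if v < FIXED]
    conns = mqtt_connectors(home)
    return {"old_jars": old, "mqtt_connectors": conns, "exposed": bool(old and conns)}

def build_sample(root, jar_version, with_mqtt):
    """Constructed directory layout (not a real install) so the check runs offline."""
    (root / "lib" / "extra").mkdir(parents=True)
    (root / "conf").mkdir()
    (root / "lib" / "extra" / f"mqtt-client-{jar_version}.jar").touch()
    mqtt = '<transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883"/>' if with_mqtt else ""
    (root / "conf" / "activemq.xml").write_text(
        '<beans xmlns="http://www.springframework.org/schema/beans">'
        '<broker xmlns="http://activemq.apache.org/schema/core"><transportConnectors>'
        '<transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>'
        f"{mqtt}</transportConnectors></broker></beans>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(assess(build_sample(Path(tmp) / "broker", "1.14", True)))
```

Versions are compared as integer tuples, so a jar such as 1.9 is correctly treated as older than 1.15.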
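Software description
Apache ActiveMQ is an open-source message broker developed by the Apache Software Foundation. Because ActiveMQ is a pure Java program, it runs on any operating system that supports a Java virtual machine.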