Apache ActiveMQ Official Site Security Update (2018-11-14)

Source: Apache ActiveMQ official site  Published: 2018-11-14  Views: 1172  Comments: 0

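Basic Information

Release date: 2018-11-14 (vendor local time)

Update type: Security update

Updated version: 5.x

Detected at: 2019-12-05 19:41:37

Risk level: High

Intelligence contributed by: TSRC

Update Title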

Corrupt MQTT frame can cause broker shutdown

Update Details

CVE-2019-0222 - Corrupt MQTT frame can cause broker shutdown

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache ActiveMQ 5.0.0 - 5.15.8

Description:
Unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive.

Mitigation:
Upgrade to Apache ActiveMQ 5.15.9. Alternatively, you can manually upgrade the MQTT library to version 1.15 in the lib/extra directory. You can download the jar from https://repo1.maven.org/maven2/org/fusesource/mqtt-client/mqtt-client/1.15/mqtt-client-1.15.jar. If you don't use the MQTT protocol, you can disable the transport as well.


Credit:
This issue was discovered by:

* Indrajeet Singh -
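
The three mitigation paths in the advisory above (broker upgrade, mqtt-client 1.15 in lib/extra, MQTT transport disabled) can be checked per installation. The following is an added example, not code from the advisory or from the ActiveMQ project. It assumes the broker version is supplied by the caller, that the library file is named mqtt-client-<version>.jar as in the download URL, and that MQTT listeners are declared as transportConnector elements with an mqtt URI scheme in the broker XML configuration; the function names and the sample configuration are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

AFFECTED_MIN, AFFECTED_MAX = (5, 0, 0), (5, 15, 8)  # affected range from the advisory
FIXED_MQTT_CLIENT = (1, 15)                          # fixed library version from the advisory

# Constructed sample broker configuration (assumed layout, not taken from the page).
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
      <!-- <transportConnector name="ws" uri="ws://0.0.0.0:61614"/> -->
      <transportConnector name="mqtt" uri="mqtt+nio://0.0.0.0:1883"/>
    </transportConnectors>
  </broker>
</beans>"""

def parse_version(text):
    """'5.15.8' -> (5, 15, 8); a suffix such as -SNAPSHOT is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))

def mqtt_client_versions(jar_names):
    """Versions of every mqtt-client jar among the file names found in lib/extra."""
    found = (re.fullmatch(r"mqtt-client-(\d+(?:\.\d+)*)\.jar", n) for n in jar_names)
    return [parse_version(m.group(1)) for m in found if m]

def mqtt_connectors(activemq_xml):
    """URIs of active MQTT connectors; commented-out elements are dropped by the parser."""
    root = ET.fromstring(activemq_xml)
    uris = [el.get("uri", "") for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "transportConnector"]
    return [u for u in uris if u.split(":", 1)[0].startswith("mqtt")]

def assess(broker_version, extra_jars, activemq_xml):
    """Classify one installation against the advisory's affected range and mitigations."""
    if not AFFECTED_MIN <= parse_version(broker_version) <= AFFECTED_MAX:
        return "not affected: broker version outside 5.0.0 - 5.15.8"
    if not mqtt_connectors(activemq_xml):
        return "mitigated: MQTT transport disabled"
    versions = mqtt_client_versions(extra_jars)
    if not versions:
        return "unknown: no mqtt-client jar found in lib/extra"
    if min(versions) < FIXED_MQTT_CLIENT:
        return "affected: mqtt-client older than 1.15 with MQTT transport enabled"
    return "mitigated: mqtt-client is 1.15 or later"

if __name__ == "__main__":
    print(assess("5.15.8", ["mqtt-client-1.14.jar"], SAMPLE_XML))
```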

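Software Description

Apache ActiveMQ is open-source message middleware developed by the Apache Software Foundation. Because ActiveMQ is a pure Java program, it runs on any operating system that supports a Java virtual machine.

CVE ID

TSRC Analysis

None yet

Industry News

None yet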
