CVE-2019-0222
CVE information
Description
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive.
CVSSv2.0 Score
- Severity: Medium
- Base Score: 5/10
- Exploit Score: 10/10
- Access Vector: Network
- Access Complexity: Low
- Authentication Required: None
- Impact Score: 2.9/10
- Confidentiality Impact: None
- Availability Impact: Partial
- Integrity Impact: None
CVSSv3.1 Score
- Severity: High
- Base Score: 7.5/10
- Exploit Score: 3.9/10
- Access Vector: Network
- Access Complexity: Low
- Privileges Required: None
- Impact Score: 3.6/10
- Confidentiality Impact: None
- Availability Impact: High
- Integrity Impact: None
- Scope: Unchanged
- User Interaction: None
Products Affected
| CPE | Affected | Vulnerable | Excluding |
|---|---|---|---|
| `cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*` | Yes | 5.0.0 | - |
| `cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:` | Yes | - | - |
| `cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:` | Yes | - | - |
| `cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0` | Yes | - | - |
| `cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0` | Yes | - | - |
| `cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0` | Yes | - | - |
| `cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*` | Yes | - | 19.1.0.0.1 |
| `cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:` | Yes | - | - |
| `cpe:2.3:a:oracle:communications_diameter_signaling_router:8.` | Yes | - | - |
| `cpe:2.3:a:oracle:communications_diameter_signaling_router:8.` | Yes | - | - |
| `cpe:2.3:a:oracle:communications_diameter_signaling_router:8.` | Yes | - | - |
| `cpe:2.3:a:oracle:communications_diameter_signaling_router:8.` | Yes | - | - |
| `cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*` | Yes | - | - |

References
- http://www.openwall.com/lists/oss-security/2019/03/27/2
- http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
- http://www.securityfocus.com/bid/107622
- https://security.netapp.com/advisory/ntap-20190502-0006/
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html
- https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c1108
- https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b577462
- https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed
- https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f
- https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca1
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62ae
- https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a
- https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402
- https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b72
- https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36