CVE-2019-0222-announcement.txt

dkulp Wed, 27 Mar 2019 04:59:36 -0700

Author: dkulp
Date: Wed Mar 27 11:59:22 2019
New Revision: 1042603

Log:
Add attachment


Added:
    
websites/production/activemq/content/security-advisories.data/CVE-2019-0222-announcement.txt

Added: 
websites/production/activemq/content/security-advisories.data/CVE-2019-0222-announcement.txt
==============================================================================
--- 
websites/production/activemq/content/security-advisories.data/CVE-2019-0222-announcement.txt
 (added)
+++ 
websites/production/activemq/content/security-advisories.data/CVE-2019-0222-announcement.txt
 Wed Mar 27 11:59:22 2019
@@ -0,0 +1,22 @@
+CVE-2019-0222 - Corrupt MQTT frame can cause broker shutdown
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.15.8
+
+Description:
+Unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception 
making it unresponsive.
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.15.9. Alternatevly, you can manually upgrade MQTT 
library to version 1.15 in lib/extra directory. You can download the jar from 
https://repo1.maven.org/maven2/org/fusesource/mqtt-client/mqtt-client/1.15/mqtt-client-1.15.jar.
 If you don't use MQTT protocol, you can disable the transport as well.
+
+
+Credit:
+This issue was discovered by:
+
+* Indrajeet Singh - <insi_2...@ymail.com>
+

svn commit: r1042603 - /websites/production/activemq/content/security-advisories.data/CVE-2019-0222-announcement.txt

Reply via email to