[ https://issues.apache.org/jira/browse/AMQ-6266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15341799#comment-15341799 ]
Arnaud Marchand edited comment on AMQ-6266 at 6/21/16 1:53 PM: --------------------------------------------------------------- I don't totally agree. Probably adding a default client ID when there is none specified could be an acceptable fix. But not doing anything just let all the ActiveMQ servers unsecured. A DOS attack written in less than 3 lines of shell script crashes the full system in less than 10 seconds. was (Author: snuids): I don't totally agree. Probably adding a default client ID when there is none specified could be an acceptable fix. But not doing anything just let all the ActiveMQ servers unsecured. A DOS attack written in less than 3 lines of shell script crashes the full system in less than 10. > REST API and CURL leaking connections > ------------------------------------- > > Key: AMQ-6266 > URL: https://issues.apache.org/jira/browse/AMQ-6266 > Project: ActiveMQ > Issue Type: Bug > Components: Broker > Affects Versions: 5.13.2 > Environment: Broker 5.13.2 running on MAC or PC > curl client on MAC and LINUX > Reporter: Arnaud Marchand > Priority: Minor > > Sending messages via the REST API via a curl leaks ActiveMQ connections. > Any curl such as the one in the ActiveMQ web site creates the problem: > curl -u system:manager -d "body=message" > http://localhost:8161/demo/message/TEST?type=queue > The number of connections can be checked via the Jolokia or the JConsole > interface. -- This message was sent by Atlassian JIRA (v6.3.4#6332)