Re: CVE Request for Apache ActiveMQ DoS

[Kurt Seifried <kseifried () redhat com>]

On 12/24/2011 05:37 PM, David Jorm wrote:
> A flaw in Apache ActiveMQ before 5.6.0 could allow a remote unauthenticated
> attacker to abuse the 'failover' feature, allowing them to trigger a denial of
> service against the broker service.  An attacker can issue multiple ActiveMQ
> openwire connection requests using the string 'failover:tcp://[IP]:61616', and
> due to the 'failure' mechanism, all TCP connections remain active even if a
> valid session is not created.  After a few thousand requests, a
> 'java.net.SocketException: Too many open files' exception is triggered, leading
> to a freeze or crash of the broker (and possibly connected systems as well).
>
> Upstream bug:
> https://issues.apache.org/jira/browse/AMQ-3294
>
> Secunia advisory:
> http://secunia.com/advisories/47112
>
> Patch commits:
> http://svn.apache.org/viewvc?view=revision&revision=1209700
> http://svn.apache.org/viewvc?view=revision&revision=1211844
Please use CVE-2011-4905 for this issue.

--

-Kurt Seifried / Red Hat Security Response Team