RHSA-2013:1221 - Security Advisory
Important: Fuse Message Broker 5.5.1 security update
Security Advisory: Important
An update for the Apache ActiveMQ component of Fuse Message Broker 5.5.1
that fixes one security issue is now available from the Red Hat Customer
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Fuse Message Broker is a messaging platform based on Apache ActiveMQ that
provides SOA infrastructure to connect processes across heterogeneous
It was found that, by default, the Apache ActiveMQ web console did not
require authentication. A remote attacker could use this flaw to modify the
state of the Apache ActiveMQ environment, obtain sensitive information, or
cause a denial of service. (CVE-2013-3060)
This update delivers a README file which describes how to manually
configure an XML properties file to fix this flaw. Back up existing Fuse
Message Broker configuration files before making changes.
The References section of this erratum contains a download link (you must
log in to download the update). Back up existing Fuse Message Broker
configuration files before making changes.
- Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64
- BZ - 955908 - CVE-2013-3060 activemq: Unauthenticated access to web console
Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1