CVE-2013-3060
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2013-3060 from the MITRE CVE dictionary and NIST NVD.
Statement
Fuse ESB Enterprise 7.1.0, Fuse MQ Enterprise 7.1.1, JBoss Fuse 6.0.0 and JBoss A-MQ 6.0.0 all contain the Apache ActiveMQ web console, but it is not deployed by default. The documentation for deploying the web console covers the configuration needed to ensure authentication is enabled; therefore, these products are not affected by this flaw. In a future update to these products, the web console will be configured so that authentication is automatically enabled if the web console is deployed, eliminating the need to manually configure it.
A future update may address this flaw in Fuse Message Broker 5.5.1.
CVSS v2 metrics
| Metric | Value |
|---|---|
| Base Score | 7.5 |
| Base Metrics | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Fuse MQ Enterprise 7.1.0 | RHSA-2013:1029 | 2013-07-09 |
| Fuse Message Broker 5.5.1 | RHSA-2013:1221 | 2013-09-09 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat OpenShift Enterprise 1 | activemq | Affected |
| Red Hat JBoss Enterprise SOA Platform 4.3 | activemq | Will not fix |
CVE description copyright © 2017, The MITRE Corporation
