Posted to commits@activemq.apache.org by jb...@apache.org on 2022/06/08 16:03:15 UTC
[activemq-website] 01/02: Update for CVE-2022-23913
This is an automated email from the ASF dual-hosted git repository.
jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
commit 34e3729e9c76eff033865acddeb03975e4057a0e
Author: Justin Bertram <jb...@apache.org>
AuthorDate: Thu Feb 3 14:10:41 2022 -0600
Update for CVE-2022-23913
---
src/components/artemis/security.md | 1 +
.../CVE-2022-23913-announcement.txt | 19 +++++++++++++++++++
2 files changed, 20 insertions(+)
diff --git a/src/components/artemis/security.md b/src/components/artemis/security.md
index 468d52a2f..41d704e87 100644
--- a/src/components/artemis/security.md
+++ b/src/components/artemis/security.md
@@ -9,6 +9,7 @@ Details of security problems fixed in released versions of Apache ActiveMQ Artem
See the main [Security Advisories](../../security-advisories) page for details for other components and general information such as reporting new security issues.
+* [CVE-2022-23913](../../security-advisories.data/CVE-2022-23913-announcement.txt) - Apache ActiveMQ Artemis DoS
* [CVE-2021-26117](../../security-advisories.data/CVE-2021-26117-announcement.txt) - ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind
* [CVE-2021-26118](../../security-advisories.data/CVE-2021-26118-announcement.txt) - Flaw in ActiveMQ Artemis OpenWire support
* [CVE-2020-13932](../../security-advisories.data/CVE-2020-13932-announcement.txt) - Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin
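Review bot: The added list entry in security.md is labelled only "Apache ActiveMQ Artemis DoS", which is less specific than the neighbouring entries that name the affected feature or flaw. Consider naming the cause the announcement gives, for example "Apache ActiveMQ Artemis DoS through uncontrolled memory consumption", so a reader scanning the list can tell what the issue is without opening the linked file.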
diff --git a/src/security-advisories.data/CVE-2022-23913-announcement.txt b/src/security-advisories.data/CVE-2022-23913-announcement.txt
new file mode 100644
index 000000000..9ef157698
--- /dev/null
+++ b/src/security-advisories.data/CVE-2022-23913-announcement.txt
@@ -0,0 +1,19 @@
+Apache ActiveMQ Artemis DoS (CVE-2022-23913)
+PRODUCT AFFECTED:
+This issue affects Apache ActiveMQ Artemis.
+
+PROBLEM:
+In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
+
+This issue has been assigned CVE-2022-23913.
+
+This issue is being tracked as https://issues.apache.org/jira/browse/ARTEMIS-3593.
+
+WORKAROUND:
+Upgrade to Apache ActiveMQ Artemis 2.20.0 or 2.19.1 (if you're still using Java 8).
+
+MODIFICATION HISTORY:
+: Initial Publication.
+RELATED LINKS:
+CVE-2022-23913 at cve.mitre.org
+
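Review bot: In the new announcement file, the MODIFICATION HISTORY entry reads ": Initial Publication." with nothing before the colon, so the publication date appears to be missing and should be added. RELATED LINKS names "CVE-2022-23913 at cve.mitre.org" without a URL, which leaves nothing to follow in a plain-text file. The phrase "prior to 2.20.0 or 2.19.1" is ambiguous about which releases are affected, and would read more clearly if it stated the affected range for each release line separately. The step under WORKAROUND is an upgrade rather than a workaround, so a heading such as "MITIGATION" would describe it better. A blank line before RELATED LINKS would match the spacing of the other sections.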