Moderate severityNVD Advisory· Published Apr 21, 2013· Updated Jun 16, 2026
CVE-2012-6551
CVE-2012-6551
Description
The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.activemq:apache-activemqMaven | < 5.8.0 | 5.8.0 |
org.apache.activemq:activemq-web-demoMaven | < 5.8.0 | 5.8.0 |
Affected products
22cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*range: <=5.7.0
- cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
- ghsa-coords2 versions
< 5.8.0+ 1 more
- (no CPE)range: < 5.8.0
- (no CPE)range: < 5.8.0
Patches
Vulnerability mechanics
References
15- github.com/advisories/GHSA-34fp-xvxp-rg22ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-6551ghsaADVISORY
- activemq.apache.org/activemq-580-release.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2013-1029.htmlnvdWEB
- github.com/apache/activemq/commit/22bc55b9487df98a3c3cb04f99f4618fcba364feghsaWEB
- github.com/apache/activemq/commit/437ea2f6e58d18837ae0e68dcd2fdadc1fff3723ghsaWEB
- github.com/apache/activemq/commit/ced33d2551a040813cb40bd6d36fdd322034fa73ghsaWEB
- issues.apache.org/jira/browse/AMQ-4124nvdWEB
- issues.apache.org/jira/browse/AMQ-5033ghsaWEB
- issues.apache.org/jira/secure/ReleaseNote.jspanvdWEB
- web.archive.org/web/20130916074709/http://activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tc4658044.htmlghsaWEB
- web.archive.org/web/20200228042520/http://www.securityfocus.com/bid/59401ghsaWEB
- activemq.2283324.n4.nabble.com/DISCUSS-ActiveMQ-out-of-the-box-Should-not-include-the-demos-tc4658044.htmlnvd
- www.securityfocus.com/bid/59401nvd
- fisheye6.atlassian.com/changelog/activemqnvd
News mentions
0No linked articles in our index yet.