Improper input validation in Apache Activemq
CVE-2012-5784
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname m…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.057 (92.0th percentile) — read the EPSS interpretation.
Affected products
- Apache Activemq
- Apache Axis — versions 1.0, 1.1, 1.2
- Paypal Mass_pay
- Paypal Payments_pro
- Paypal Transactional_information_soap
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (Technical Description, Exploit, x_refsource_MISC)
- cve@mitre.org (mailing-list, x_refsource_MLIST)
- cve@mitre.org (mailing-list, x_refsource_MLIST)
- cve@mitre.org (vendor-advisory, x_refsource_SUSE)
Frequently asked questions
- What is CVE-2012-5784?
- CVE-2012-5784 is a vulnerability in Apache Activemq, classified under Improper Input Validation. Published 2012-11-04.
- Is CVE-2012-5784 known to be exploited?
- 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.