Important: Fuse Message Broker 5.5.1 security update
|Last updated on:||2013-09-09|
An update for the Apache ActiveMQ component of Fuse Message Broker 5.5.1
that fixes one security issue is now available from the Red Hat Customer
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
Fuse Message Broker is a messaging platform based on Apache ActiveMQ that
provides SOA infrastructure to connect processes across heterogeneous
It was found that, by default, the Apache ActiveMQ web console did not
require authentication. A remote attacker could use this flaw to modify the
state of the Apache ActiveMQ environment, obtain sensitive information, or
cause a denial of service. (CVE-2013-3060)
This update delivers a README file which describes how to manually
configure an XML properties file to fix this flaw. Back up existing Fuse
Message Broker configuration files before making changes.
log in to download the update). Back up existing Fuse Message Broker
configuration files before making changes.
Bugs fixed (see bugzilla for more information)
955908 - CVE-2013-3060 activemq: Unauthenticated access to web console
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: