[
https://issues.apache.org/jira/browse/AMQ-6266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15341799#comment-15341799
]
Arnaud Marchand commented on AMQ-6266:
--------------------------------------
I don't totally agree. Probably adding a default client ID when there is none
specified could be an acceptable fix. But not doing anything just let all the
ActiveMQ servers unsecured. A DOS attack written in less than 3 lines of shell
script crashes the full system in less than 10.
> REST API and CURL leaking connections
> -------------------------------------
>
> Key: AMQ-6266
> URL: https://issues.apache.org/jira/browse/AMQ-6266
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.13.2
> Environment: Broker 5.13.2 running on MAC or PC
> curl client on MAC and LINUX
> Reporter: Arnaud Marchand
> Priority: Minor
>
> Sending messages via the REST API via a curl leaks ActiveMQ connections.
> Any curl such as the one in the ActiveMQ web site creates the problem:
> curl -u system:manager -d "body=message"
> http://localhost:8161/demo/message/TEST?type=queue
> The number of connections can be checked via the Jolokia or the JConsole
> interface.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
