It is possible to shutdown an ActiveMQ broker remotely without authentication. The offending network packet is sent to the same port as a message consumer or producer would connect to. If the port is exposed, the attack will be possible. Apache ActiveMQ versions 5.0.0 through 5.10.1 are affected.