CVE-2015-5254
published 2016-01-08CVE-2015-5254: Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | >= 0 < 5.13.2+dfsg-1 | 5.13.2+dfsg-1 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa9.8CRITICAL
osv9.8CRITICAL