CVE-2015-7559

CWE-306 — Missing Authentication CWE-20 — Improper Input Validation10 documents8 sources

Severity

2.7LOW

EPSS

0.1%

top 75.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq Redhat Jboss A-mq Redhat Jboss Fuse

Timeline

PublishedAug 1

Latest updateJul 23

Description

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 1.2 | Impact: 1.4

Affected Packages7 packages

▶Mavenorg.apache.activemq:activemq-client< 5.14.5

▶NVDapache/activemq5.15.0 — 5.15.5+1

▶CVEListV5apache/activemq5.15.5

▶Debianactivemq< 5.14.3-3+2

▶Ubuntuactivemq< 5.13.2+dfsg-2ubuntu0.1~esm1+3

Patches

Patch: bugzilla.redhat.com ↗Patch: issues.apache.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

activemq vulnerabilities↗2024-07-23

▶

GHSA

Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ↗2019-08-01

▶

OSV

Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ↗2019-08-01

▶

CVEList

CVE-2015-7559: It was found that the Apache ActiveMQ client before 5↗2019-08-01

▶

OSV

CVE-2015-7559: It was found that the Apache ActiveMQ client before 5↗2019-08-01

▶

📋Vendor Advisories

Ubuntu

Apache ActiveMQ vulnerabilities↗2024-07-23

▶

Red Hat

ActiveMQ: DoS in client via shutdown command↗2017-04-19

▶

Debian

CVE-2015-7559: activemq - It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shut...↗2015

▶

💬Community

Bugzilla

CVE-2015-7559 ActiveMQ: DoS in client via shutdown command↗2015-12-23

▶