CVE-2015-7559
MEDIUM4.9EPSS 0.08%Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Published: 8/1/2019Modified: 2/16/2024
Description
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
Affected packages (3)
- Debian/activemqfrom 0, < 5.14.3-3
- Debian/activemqfrom 0, < 5.6.0+dfsg-1+deb7u3
- Maven/org.apache.activemq:activemq-clientfrom 0, < 5.14.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.9 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-7559
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-7559
- PATCHhttps://github.com/apache/activemq
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559
- WEBhttps://github.com/apache/activemq/commit/b8fc78ec6c367cbe2a40a674eaec64ac3d7d1ec
- WEBhttps://issues.apache.org/jira/browse/AMQ-6470