CVE-2015-7559
MEDIUM 4.9 | EPSS 0.08% | activemq - security update
Published: 2019/8/1 | Modified: 2026/4/28
Description
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
Affected packages (3)
- Debian/activemq from 0, < 5.14.3-3
- Debian/activemq from 0, < 5.6.0+dfsg-1+deb7u3
- Maven/org.apache.activemq:activemq-client from 0, < 5.14.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.9 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
References (6)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-7559
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2015-7559
- PATCH https://github.com/apache/activemq
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559
- WEB https://github.com/apache/activemq/commit/b8fc78ec6c367cbe2a40a674eaec64ac3d7d1ec
- WEB https://issues.apache.org/jira/browse/AMQ-6470