Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ

GHSA-jvpp-hxjj-5ccc · CVE-2015-7559

Published Aug 1, 2019 · Modified Feb 16, 2024

Description

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-7559
WEB https://github.com/apache/activemq/commit/b8fc78ec6c367cbe2a40a674eaec64ac3d7d1ec
WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559
PACKAGE https://github.com/apache/activemq
WEB https://issues.apache.org/jira/browse/AMQ-6470

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes