CVE-2015-7559

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

CVSS v3 2.7 LOW
CVSS v2.0 4.0 MEDIUM

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559	Issue Tracking Patch Third Party Advisory
https://issues.apache.org/jira/browse/AMQ-6470	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:activemq::::::::
	cpe:2.3:a:apache:activemq::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:jboss_a-mq:6.2.1:::::::*
	cpe:2.3:a:redhat:jboss_a-mq:6.3:::::::*
	cpe:2.3:a:redhat:jboss_fuse:6.3:::::::*

History

30 Jun 2023, 22:15

Type	Values Removed	Values Added
Summary	It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.	It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

Information

Published : 2019-08-01 14:15

Updated : 2024-02-28 17:08

NVD link : CVE-2015-7559

Mitre link : CVE-2015-7559

CVE.ORG link : CVE-2015-7559

JSON object : View

Products Affected

redhat

jboss_a-mq
jboss_fuse

apache

activemq

CWE

CWE-20

Improper Input Validation

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2015-7559", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2019-08-01T14:15:10.940", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://issues.apache.org/jira/browse/AMQ-6470", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client."}, {"lang": "es", "value": "Se encontr\u00f3 que el cliente ActiveMQ de Apache anterior a versi\u00f3n 5.15.5, expuso un comando de apagado remoto en clase ActiveMQConnection. Un atacante que inicio sesi\u00f3n en un broker comprometido podr\u00eda utilizar este fallo para lograr una denegaci\u00f3n de servicio en un cliente conectado."}], "lastModified": "2023-11-07T02:27:54.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F3F7A9-36A3-4C80-A64F-93F1E36B0B29", "versionEndExcluding": "5.14.5"}, {"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37F1391B-D441-48C7-B534-E657E6FE1FE2", "versionEndExcluding": "5.15.5", "versionStartIncluding": "5.15.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_a-mq:6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03D90905-0F4C-4702-BD33-272740AF0B15"}, {"criteria": "cpe:2.3:a:redhat:jboss_a-mq:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F7D1ECB-DF7E-4161-B844-E6F6004FDC52"}, {"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D071664D-9B31-45EB-A5DD-237EB3F36E63"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}