CVE-2014-3576

Опубликовано: 17 июл. 2015

Источник: redhat

CVSS2: 5

Описание

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

It was found that the Apache ActiveMQ broker exposed a remote shutdown command without requiring any authentication to use it. A remote, unauthenticated attacker could use this flaw to shut down ActiveMQ broker's listener.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Enterprise Web Server 1	fuse-6	Affected
Red Hat JBoss A-MQ 6.1		Fixed	RHSA-2015:0137	05.02.2015
Red Hat JBoss Fuse 6.1		Fixed	RHSA-2015:0137	05.02.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-306

https://bugzilla.redhat.com/show_bug.cgi?id=1198306ActiveMQ: DoS via unauthenticated remote shutdown command

5 Medium

CVSS2

Связанные уязвимости

CVE-2014-3576

CVSS3: 7.5

ubuntu

больше 10 лет назад

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

CVE-2014-3576

CVSS3: 7.5

nvd

больше 10 лет назад

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

CVE-2014-3576

CVSS3: 7.5

debian

больше 10 лет назад

The processControlCommand function in broker/TransportConnection.java ...

GHSA-3wfj-vh84-732p

CVSS3: 7.5

github

больше 3 лет назад

Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ

5 Medium

CVSS2