Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-5254

Опубликовано: 08 янв. 2016
Источник: ubuntu
Приоритет: medium
EPSS Высокий
CVSS2: 7.5
CVSS3: 9.8

Описание

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

РелизСтатусПримечание
devel

not-affected

5.13.2+dfsg-2
esm-apps/xenial

not-affected

5.13.2+dfsg-2
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [5.6.0+dfsg-1+deb7u2build0.14.04.1]]
precise

ignored

end of life
precise/esm

DNE

precise was needed
trusty

released

5.6.0+dfsg-1+deb7u2build0.14.04.1
trusty/esm

DNE

trusty was released [5.6.0+dfsg-1+deb7u2build0.14.04.1]
upstream

released

5.13.0
vivid

ignored

end of life
vivid/stable-phone-overlay

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 99%
0.77148
Высокий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2015-5254

redhat
около 10 лет назад

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

nvd логотип

CVE-2015-5254

CVSS3: 9.8
nvd
около 10 лет назад

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

debian логотип

CVE-2015-5254

CVSS3: 9.8
debian
около 10 лет назад

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that c ...

github логотип

GHSA-q9hr-3pg4-3jp4

CVSS3: 9.8
github
больше 3 лет назад

Improper Input Validation in Apache ActiveMQ

EPSS

Процентиль: 99%
0.77148
Высокий

7.5 High

CVSS2

9.8 Critical

CVSS3