Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0zd2ZqLXZoODQtNzMycM4AATvQ

High EPSS: 0.17549% (0.94767 Percentile) EPSS:
Permalink JSON

Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ

Affected Packages Affected Versions Fixed Versions
maven:org.apache.activemq:activemq-client < 5.11.0 5.11.0
410 Dependent packages
6,414 Dependent repositories

Affected Version Ranges

All affected versions

5.8.0, 5.9.0, 5.9.1, 5.10.0, 5.10.1, 5.10.2

All unaffected versions

5.11.0, 5.11.1, 5.11.2, 5.11.3, 5.11.4, 5.12.0, 5.12.1, 5.12.2, 5.12.3, 5.13.0, 5.13.1, 5.13.2, 5.13.3, 5.13.4, 5.13.5, 5.14.0, 5.14.1, 5.14.2, 5.14.3, 5.14.4, 5.14.5, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.15.10, 5.15.11, 5.15.12, 5.15.13, 5.15.14, 5.15.15, 5.15.16, 5.16.0, 5.16.1, 5.16.2, 5.16.3, 5.16.4, 5.16.5, 5.16.6, 5.16.7, 5.16.8, 5.17.0, 5.17.1, 5.17.2, 5.17.3, 5.17.4, 5.17.5, 5.17.6, 5.17.7, 5.18.0, 5.18.1, 5.18.2, 5.18.3, 5.18.4, 5.18.5, 5.18.6, 5.18.7, 5.19.0, 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

References:

Identifiers

GHSA-3wfj-vh84-732p

CVE-2014-3576

Risk

Severity

High

EPSS

EPSS Percentage: 0.17549

EPSS Percentile: 0.94767

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/activemq

Date and time

Published

about 3 years ago

Updated

over 1 year ago

API

JSON