CVE-2015-7559

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

CVSS v3 2.7 LOW
CVSS v2.0 4.0 MEDIUM

2.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559	Issue Tracking Patch Third Party Advisory
https://issues.apache.org/jira/browse/AMQ-6470	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559	Issue Tracking Patch Third Party Advisory
https://issues.apache.org/jira/browse/AMQ-6470	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:activemq::::::::
	cpe:2.3:a:apache:activemq::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:jboss_a-mq:6.2.1:::::::*
	cpe:2.3:a:redhat:jboss_a-mq:6.3:::::::*
	cpe:2.3:a:redhat:jboss_fuse:6.3:::::::*

History

No history.

Information

Published : 2019-08-01 14:15

Updated : 2024-11-21 02:36

NVD link : CVE-2015-7559

Mitre link : CVE-2015-7559

CVE.ORG link : CVE-2015-7559

JSON object : View

Products Affected

apache

activemq

redhat

jboss_fuse
jboss_a-mq

CWE

CWE-306

Missing Authentication for Critical Function

CWE-20

Improper Input Validation

{"id": "CVE-2015-7559", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2019-08-01T14:15:10.940", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://issues.apache.org/jira/browse/AMQ-6470", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://issues.apache.org/jira/browse/AMQ-6470", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client."}, {"lang": "es", "value": "Se encontr\u00f3 que el cliente ActiveMQ de Apache anterior a versi\u00f3n 5.15.5, expuso un comando de apagado remoto en clase ActiveMQConnection. Un atacante que inicio sesi\u00f3n en un broker comprometido podr\u00eda utilizar este fallo para lograr una denegaci\u00f3n de servicio en un cliente conectado."}], "lastModified": "2024-11-21T02:36:58.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F3F7A9-36A3-4C80-A64F-93F1E36B0B29", "versionEndExcluding": "5.14.5"}, {"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37F1391B-D441-48C7-B534-E657E6FE1FE2", "versionEndExcluding": "5.15.5", "versionStartIncluding": "5.15.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_a-mq:6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03D90905-0F4C-4702-BD33-272740AF0B15"}, {"criteria": "cpe:2.3:a:redhat:jboss_a-mq:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F7D1ECB-DF7E-4161-B844-E6F6004FDC52"}, {"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D071664D-9B31-45EB-A5DD-237EB3F36E63"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}