CVE-2014-3576

EPSS 11.35%
Published 14.08.2015 18:59:00
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

Affected products Warnungen 0 Metrics 3 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Activemq Version <= 5.10.0

Oracle ≫ Business Intelligence Publisher Version12.2.1.0.0

Oracle ≫ Fusion Middleware Version8.1

Oracle ≫ Fusion Middleware Version9.0

Oracle ≫ Fusion Middleware Version11.1.1.7.4

Oracle ≫ Fusion Middleware Version12.1.3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	11.35%	0.933

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

http://www.securitytracker.com/id/1033898

http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html

http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html

http://www.debian.org/security/2015/dsa-3330

http://www.securityfocus.com/archive/1/536862/100/0/threaded

http://www.securityfocus.com/bid/76272

https://github.com/apache/activemq/commit/00921f2

Patch

https://nvd.nist.gov/vuln/detail/CVE-2014-3576

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3576

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3576

EUVD