Headline
CVE-2015-7559: [AMQ-6470] Remove unused ControlCommand handling in client
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.
Details
Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 5.14.1
Fix Version/s: 5.15.0, 5.14.5
Component/s: None
Labels: None
Description
We still have unnecessary handling for ControlCommand in ActiveMQClient
People
Assignee: Dejan Bosanac
Reporter: Dejan Bosanac
Votes: 0
Watchers: 4
Dates
Created: 18/Oct/16 10:00
Updated: 25/Apr/17 08:58
Resolved: 18/Oct/16 10:32
Related news
Ubuntu Security Notice 6910-1 - Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Peter Stoeckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS.
IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567.