{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2015-7559", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-06T07:51:28.509Z", "dateReserved": "2015-09-29T00:00:00", "datePublished": "2019-08-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-06-30T00:00:00"}, "descriptions": [{"lang": "en", "value": "It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client."}], "affected": [{"vendor": "Apache", "product": "ActiveMQ", "versions": [{"version": "5.15.5", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559"}, {"url": "https://issues.apache.org/jira/browse/AMQ-6470"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-306", "cweId": "CWE-306"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:51:28.509Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559", "tags": ["x_transferred"]}, {"url": "https://issues.apache.org/jira/browse/AMQ-6470", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "matchCriteriaId": "19F3F7A9-36A3-4C80-A64F-93F1E36B0B29", "versionEndExcluding": "5.14.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "matchCriteriaId": "37F1391B-D441-48C7-B534-E657E6FE1FE2", "versionEndExcluding": "5.15.5", "versionStartIncluding": "5.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_a-mq:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "03D90905-0F4C-4702-BD33-272740AF0B15", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_a-mq:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "9F7D1ECB-DF7E-4161-B844-E6F6004FDC52", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "D071664D-9B31-45EB-A5DD-237EB3F36E63", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client."}, {"lang": "es", "value": "Se encontr\u00f3 que el cliente ActiveMQ de Apache anterior a versi\u00f3n 5.15.5, expuso un comando de apagado remoto en clase ActiveMQConnection. Un atacante que inicio sesi\u00f3n en un broker comprometido podr\u00eda utilizar este fallo para lograr una denegaci\u00f3n de servicio en un cliente conectado."}], "id": "CVE-2015-7559", "lastModified": "2023-11-07T02:27:54.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-01T14:15:10.940", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/AMQ-6470"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2017:0868", "cpe": "cpe:/a:redhat:jboss_amq:6.3", "product_name": "Red Hat JBoss A-MQ 6.3", "release_date": "2017-04-03T00:00:00Z"}, {"advisory": "RHSA-2017:0868", "cpe": "cpe:/a:redhat:jboss_fuse:6.3", "product_name": "Red Hat JBoss Fuse 6.3", "release_date": "2017-04-03T00:00:00Z"}], "bugzilla": {"description": "ActiveMQ: DoS in client via shutdown command", "id": "1293972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293972"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "2.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-306", "details": ["It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.", "It was found that the Apache ActiveMQ client exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client."], "name": "CVE-2015-7559", "package_state": [{"cpe": "cpe:/a:jboss_amq:6.2.1", "fix_state": "Affected", "package_name": "amq-client", "product_name": "Red Hat JBoss A-MQ 6.2.1"}], "public_date": "2017-04-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-7559\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7559"], "threat_severity": "Low", "upstream_fix": "apache activemq 5.14.5"}