CVE-2014-3576

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
apacheactivemq
𝑥
≤ 5.10.0
oraclebusiness_intelligence_publisher
12.2.1.0.0
oraclefusion_middleware
8.1
oraclefusion_middleware
9.0
oraclefusion_middleware
11.1.1.7.4
oraclefusion_middleware
12.1.3.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
activemq
bullseye
5.16.1-1
fixed
bullseye (security)
5.16.1-1+deb11u1
fixed
bookworm
5.17.2+dfsg-2
fixed
bookworm (security)
5.17.2+dfsg-2+deb12u1
fixed
sid
5.17.6+dfsg-1
fixed
trixie
5.17.6+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
activemq
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
Fixed 5.6.0+dfsg1-4+deb8u1
released
utopic
ignored
trusty
Fixed 5.6.0+dfsg-1+deb7u1build0.14.04.1
released
precise
ignored
Common Weakness Enumeration
References
http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html
http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html
http://www.debian.org/security/2015/dsa-3330
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/archive/1/536862/100/0/threaded
http://www.securityfocus.com/bid/76272
http://www.securitytracker.com/id/1033898
https://github.com/apache/activemq/commit/00921f2
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html
http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html
http://www.debian.org/security/2015/dsa-3330
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/archive/1/536862/100/0/threaded
http://www.securityfocus.com/bid/76272
http://www.securitytracker.com/id/1033898
https://github.com/apache/activemq/commit/00921f2
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E