Vulnerability Description
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Activemq | <= 5.10.0 |
| Oracle | Business Intelligence Publisher | 12.2.1.0.0 |
| Oracle | Fusion Middleware | 8.1 |
Related Weaknesses (CWE)
References
- http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html
- http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Ser
- http://www.debian.org/security/2015/dsa-3330
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
- http://www.securityfocus.com/archive/1/536862/100/0/threaded
- http://www.securityfocus.com/bid/76272
- http://www.securitytracker.com/id/1033898
- https://github.com/apache/activemq/commit/00921f2Patch
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65
- http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html
- http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Ser
- http://www.debian.org/security/2015/dsa-3330
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
FAQ
What is CVE-2014-3576?
CVE-2014-3576 is a vulnerability with a CVSS score of 7.5 (HIGH). The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
How severe is CVE-2014-3576?
CVE-2014-3576 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3576?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Activemq, Oracle Business Intelligence Publisher, Oracle Fusion Middleware.