Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability

Apache ActiveMQ is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause denial-of-service condition.

Apache ActiveMQ 5.14.1 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97967
Class: Design Error
CVE: CVE-2015-7559

Remote: Yes
Local: No
Published: Apr 19 2017 12:00AM
Updated: Apr 24 2017 05:08PM
Credit: The vendor reported this issue.
Vulnerable: Redhat JBoss Fuse 6.3
Redhat JBoss A-MQ 6.3
Redhat JBoss A-MQ 6.2.1
Apache ActiveMQ 5.14.1

Not Vulnerable: Apache ActiveMQ 5.15
Apache ActiveMQ 5.14.5

Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References:

Apache ActiveMQ - Homepage (Apache)
https://issues.apache.org/jira/browse/AMQ-6470 - Remove unused ControlCommand ha (Apache)
Bug 1293972 - (CVE-2015-7559) CVE-2015-7559 ActiveMQ: DoS in client via shutdow (Redhat)
Remove unused ControlCommand handling in client (Apache)
RHSA-2017:0868-1: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update (Redhat)

Source: www.securityfocus.com

Exploit Collector

Search Exploit