CVE-2015-7559

low-risk

Published 2019-08-01

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.7/10 Low

NETWORK / LOW complexity

Affected Products (4)

Activemq

Jboss A-Mq

Jboss Fuse

Affected Vendors

Redhat Apache

References (4)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559

Patch https://issues.apache.org/jira/browse/AMQ-6470

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559

Patch https://issues.apache.org/jira/browse/AMQ-6470

/ 100

low-risk

Severity 14/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 10/34 · Low