Executive Summary
Summary | |
---|---|
Title | activemq security update |
Information | |||
---|---|---|---|
Name | DSA-3330 | First vendor Publication | 2015-08-07 |
Vendor | Debian | Last vendor Modification | 2015-08-07 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
It was discovered that the Apache ActiveMQ message broker is susceptible to denial of service through an undocumented, remote shutdown command. For the oldstable distribution (wheezy), this problem has been fixed in version 5.6.0+dfsg-1+deb7u1. This update also fixes CVE-2014-3612 and CVE-2014-3600. For the stable distribution (jessie), this problem has been fixed in version 5.6.0+dfsg1-4+deb8u1. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your activemq packages. |
Original Source
Url : http://www.debian.org/security/2015/dsa-3330 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-611 | Information Leak Through XML External Entity File Disclosure |
33 % | CWE-287 | Improper Authentication |
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Apache ActiveMQ shutdown command denial of service attempt RuleID : 37503 - Revision : 2 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-04-26 | Name : The NetIQ Sentinel server installed on the remote host is affected by multipl... File : netiq_sentinel_7_4_1_0.nasl - Type : ACT_GATHER_INFO |
2015-08-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3330.nasl - Type : ACT_GATHER_INFO |
2015-07-23 | Name : A web application on the remote host is affected by multiple vulnerabilities. File : puppet_enterprise_activemq_psql_ssl.nasl - Type : ACT_GATHER_INFO |
2015-02-16 | Name : The remote host has a web application installed that is affected by multiple ... File : activemq_5_10_1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2018-10-10 00:22:10 |
2015-08-25 21:32:50 |
2015-08-24 21:33:36 |
2015-08-18 13:35:59 |
2015-08-17 21:33:38 |
2015-08-15 00:30:18 |
2015-08-08 00:25:45 |