CVE-2014-3576
Low
CVSS Score
Vulnerability Description
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
Known Affected Software
41 configuration(s) from 2 vendor(s)
- activemq, Version: 3.2.2, CPE: cpe:2.3:a:apache:activemq:3.2.2:*:*:*:*:*:*:*
- activemq, Version: 4.0.2, CPE: cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*
- activemq, Version: 5.4.2, CPE: cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
- activemq, Version: 2.0, CPE: cpe:2.3:a:apache:activemq:2.0:*:*:*:*:*:*:*
- activemq, Version: 3.0, CPE: cpe:2.3:a:apache:activemq:3.0:*:*:*:*:*:*:*
- activemq, Version: 5.3.0, CPE: cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
- activemq, Version: 1.5, CPE: cpe:2.3:a:apache:activemq:1.5:*:*:*:*:*:*:*
- activemq, Version: 5.4.3, CPE: cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
- activemq, Version: 5.0.0, CPE: cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
- activemq, Version: 3.2, CPE: cpe:2.3:a:apache:activemq:3.2:*:*:*:*:*:*:*
- activemq, Version: 5.3.2, CPE: cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
- activemq, Version: 5.9.0, CPE: cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*
- activemq, Version: 5.8.0, CPE: cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*
- activemq, Version: 5.10.0, CPE: cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*
- activemq, Version: 4.1.2, CPE: cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*
- activemq, Version: 3.1, CPE: cpe:2.3:a:apache:activemq:3.1:*:*:*:*:*:*:*
- activemq, Version: 1.3, CPE: cpe:2.3:a:apache:activemq:1.3:*:*:*:*:*:*:*
- activemq, Version: 4.0, CPE: cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*
- activemq, Version: 5.4.1, CPE: cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
- activemq, Version: 5.2.0, CPE: cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
- activemq, Version: 5.3.1, CPE: cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
- activemq, Version: 5.7.0, CPE: cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
- activemq, Version: 1.1, CPE: cpe:2.3:a:apache:activemq:1.1:*:*:*:*:*:*:*
- activemq, Version: 5.9.1, CPE: cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*
- activemq, Version: 1.4, CPE: cpe:2.3:a:apache:activemq:1.4:*:*:*:*:*:*:*
- activemq, Version: 4.0.1, CPE: cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*
- activemq, Version: 3.2.1, CPE: cpe:2.3:a:apache:activemq:3.2.1:*:*:*:*:*:*:*
- activemq, Version: 1.2, CPE: cpe:2.3:a:apache:activemq:1.2:*:*:*:*:*:*:*
- activemq, Version: 5.1.0, CPE: cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
- activemq, Version: 4.1.0, CPE: cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*
- activemq, Version: 2.1, CPE: cpe:2.3:a:apache:activemq:2.1:*:*:*:*:*:*:*
- activemq, Version: 5.5.1, CPE: cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
- activemq, Version: 5.5.0, CPE: cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
- activemq, Version: 5.4.0, CPE: cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
- activemq, Version: 5.6.0, CPE: cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
- activemq, Version: 4.1.1, CPE: cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*
- fusion_middleware, Version: 11.1.1.7.4, CPE: cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.4:*:*:*:*:*:*:*
- fusion_middleware, Version: 8.1, CPE: cpe:2.3:a:oracle:fusion_middleware:8.1:*:*:*:*:*:*:*
- fusion_middleware, Version: 12.1.3.0.0, CPE: cpe:2.3:a:oracle:fusion_middleware:12.1.3.0.0:*:*:*:*:*:*:*
- business_intelligence_publisher, Version: 12.2.1.0.0, CPE: cpe:2.3:a:oracle:business_intelligence_publisher:12.2.1.0.0:*:*:*:*:*:*:*
- fusion_middleware, Version: 9.0, CPE: cpe:2.3:a:oracle:fusion_middleware:9.0:*:*:*:*:*:*:*
This vulnerability affects 41 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html (source: secalert@redhat.com)
- http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html (source: secalert@redhat.com)
- http://www.debian.org/security/2015/dsa-3330 (source: secalert@redhat.com)
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html (source: secalert@redhat.com)
- http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html (source: secalert@redhat.com)
- http://www.securityfocus.com/archive/1/536862/100/0/threaded (source: secalert@redhat.com)
- http://www.securityfocus.com/bid/76272 (source: secalert@redhat.com)
- http://www.securitytracker.com/id/1033898 (source: secalert@redhat.com)
- https://github.com/apache/activemq/commit/00921f2 (source: secalert@redhat.com; Patch)
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E (source: secalert@redhat.com)
Severity Details
out of 10.0
Low
Key Information
- Published Date: August 14, 2015
