CVE-2015-5254

Published: Jan 8, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

DSA-3524

vendor-advisory

x_refsource_DEBIAN

RHSA-2016:2035

vendor-advisory

x_refsource_REDHAT

FEDORA-2015-7ca4368b0c

vendor-advisory

x_refsource_FEDORA

[oss-security] 20151208 [ANNOUNCE] CVE-2015-5254 - Unsafe deserialization in ActiveMQ

mailing-list

x_refsource_MLIST

RHSA-2016:0489

vendor-advisory

x_refsource_REDHAT

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

x_refsource_CONFIRM

FEDORA-2015-eefc5a6762

vendor-advisory

x_refsource_FEDORA

RHSA-2016:2036

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

x_refsource_CONFIRM

https://issues.apache.org/jira/browse/AMQ-6013

x_refsource_CONFIRM

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

x_refsource_CONFIRM

http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt

x_refsource_CONFIRM

[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-5254

Description

Affected Products

References