CVE-2015-7559: Improper Input Validation

August 1, 2019 (updated August 17, 2021)

It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

References

bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559
github.com/advisories/GHSA-jvpp-hxjj-5ccc
issues.apache.org/jira/browse/AMQ-6470
nvd.nist.gov/vuln/detail/CVE-2015-7559

Code Behaviors & Features

Detect and mitigate CVE-2015-7559 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →