AI description
CVE-2015-5254 is a vulnerability in Apache ActiveMQ versions prior to 5.13.0. The affected versions do not restrict the classes that can be serialized within the broker, so a remote attacker can execute arbitrary code by sending a specially crafted Java Message Service (JMS) ObjectMessage object. The root cause is unsafe deserialization handling: the system fails to properly validate classes when deserializing user-supplied data, so a crafted message leads to the execution of unauthorized code once the ActiveMQ broker deserializes it.
- Description: Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
- Source: secalert@redhat.com
- NVD status: Modified
- Products: openshift, activemq, fedora
CVSS 3.0
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Primary
- Base score: 7.5
- Impact score: 6.4
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-20
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 7
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "436F59B9-507A-4B4E-A9F3-022616866151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F58D9E69-CBF2-4FB6-B062-ED21F83CBCCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05D6EC30-88DC-4424-BF86-D9C0DA5E191C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "82ACD6BA-257F-49D0-8944-0991FB038533",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C43FD7A1-FC03-47BC-B6C6-02C0F1466762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A8D571-2925-4F61-B3F0-8F4A3776F6EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47B31CD9-A3BB-427C-A631-2E8168DD1985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B904806-6796-4947-BDF4-EEA5681147E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6075BF1D-AC7C-46E3-A730-4E9A98856520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "623530FC-12E9-480B-AFA0-C19FCFFA5D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5755A41-0DBE-4F54-A1C1-4F65DCC6ACD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11AADFBF-AC60-4535-892C-BE90BE858172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5143E8-B392-4954-9C0D-DD39388B669F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C0A644-8667-4ABD-8BB3-46289DCD3A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "607B6541-973A-4FF5-8106-A30076CA353C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08310F87-4C45-436F-A707-A22A4ACB1587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4243B47C-26B9-45BE-B66A-F1534D18A265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26258CBF-39D0-45FD-AC6B-3D9840CB88EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "532FC7B8-31FD-459C-B757-4D17D4E6ED63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36710BEE-E9B8-4979-BB75-6CEF7836268B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F15DF0DF-FDBD-4196-88DE-023CF90AA0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1A027B-EDBB-4305-BCE2-5DA862F9A3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1DA90EA1-64F2-44DD-86A8-E35191C79446",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7D827D-8180-4605-98CB-03436F916B27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]