Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ

RSS Feed HIGH

GHSA-3wfj-vh84-732p CVE-2014-3576

Description:

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

Affected Packages

Ecosystem	Package	Vulnerable Versions	Patched Version
maven	`org.apache.activemq:activemq-client`	`< 5.11.0`	`5.11.0`

Related Dependabot Pull Requests

All Open Closed Merged

No Related Pull Requests

No Dependabot pull requests have been found that reference this security advisory.

Actions

View on GitHub All Advisories

Advisory Details

Published:	May 14, 2022 about 4 years ago
Updated:	June 03, 2026 16 days ago
CVSS Score:	7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS:	40.74% 97th percentile
Source:	Github
Classification:	GENERAL
UUID:	`GSA_kwCzR0hTQS0zd2ZqLXZoODQtNzMycM4AATvQ`

References

https://nvd.nist.gov/vuln/detail/CVE-2014-3576
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html
http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html
http://www.debian.org/security/2015/dsa-3330
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/archive/1/536862/100/0/threaded
https://github.com/apache/activemq/commit/00921f22ff9a8792d7663ef8fadd4823402a6324
https://github.com/apache/activemq/commit/f07e6a53216f9388185ac2b39f366f3bfd6a8a55
https://github.com/advisories/GHSA-3wfj-vh84-732p

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Dependabot