
CVE-2015-5254

Published: 08/01/2016 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache ActiveMQ 5.x prior to 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote malicious users to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

Vulnerability Trend

Vulnerable Products

redhat openshift 2.0
apache activemq 5.3.0
apache activemq 5.11.1
apache activemq 5.8.0
apache activemq 5.4.3
apache activemq 5.4.0
apache activemq 5.5.1
apache activemq 5.12.0
apache activemq 5.4.1
apache activemq 5.9.0
apache activemq 5.11.2
apache activemq 5.11.0
apache activemq 5.3.1
apache activemq 5.2.0
apache activemq 5.7.0
apache activemq 5.0.0
apache activemq 5.12.1
apache activemq 5.10.1
apache activemq 5.10.0
apache activemq 5.1.0
apache activemq 5.5.0
apache activemq 5.3.2
apache activemq 5.10.2
apache activemq 5.9.1
apache activemq 5.6.0
fedoraproject fedora 22
fedoraproject fedora 23

Vendor Advisories

Debian Bug report logs - #809733 activemq: CVE-2015-5254: unsafe deserialization. Package: src:activemq; Maintainer for src:activemq is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 3 Jan 2016 14:36:02 UTC; Owned by: Markus Kosch ...

Github Repositories

ActiveMQ Deserialization RCE

CVE-2015-5254 ActiveMQ Deserialization RCE
0x01 sure port 61616 is open
nmap -p 61616 -Pn -T5 -n -sC -sV 101020166
root@kali:~# nmap -p 61616 -Pn -T5 -n -sC -sV 101020166
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-30 02:05 EDT
Nmap scan report for 101020166
Host is up (000022s latency)
PORT STATE SERVICE VERSION
61616/tcp open apachemq ActiveMQ Op

Running vulnerable labs and Cyber Security platforms.

Athena OS Cyber Hub. Athena Cyber Hub (ACH) is a forked version of Vanilla Control Center with several differences in order to fit the needs of Cyber Security users on Athena OS. Unlike Vanilla OS, it replaces distrobox with docker, and it is not intended to run operating systems or manage updates; it is intended to run vulnerable laboratories for learning purposes.

ActiveMQ_CVE-2015-5254

ActiveMQ deserialization (CVE-2015-5254). Vulnerability description: Apache ActiveMQ 5.x versions prior to 5.13.0 contain a security vulnerability that stems from the program not restricting the classes that can be serialized in the broker. A remote attacker can exploit this vulnerability to execute arbitrary code via a specially crafted serialized Java Message Service (JMS) ObjectMessage object. Affected versions: Apache ActiveMQ 5.x versions prior to 5.13.0. 0x01 After logging in