CVE-2015-5254 in BI Publisherinfo

Summary

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

07/01/2015

Disclosure

01/08/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
108062	Oracle BI Publisher Apache ActiveMQ input validation	20	Not defined	Official fix	CVE-2015-5254
103788	Oracle Enterprise Repository Apache ActiveMQ input validation	20	Not defined	Official fix	CVE-2015-5254
80115	Apache ActiveMQ Broker Service input validation	20	Not defined	Official fix	CVE-2015-5254

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!