What is CVE-2014-3576?

CVE-2014-3576 is a vulnerability in Apache ActiveMQ that allows a remote attacker to cause a denial of service by using the shutdown command to shut down the service.

How does CVE-2014-3576 affect Apache ActiveMQ?

CVE-2014-3576 affects Apache ActiveMQ versions up to and including 5.10.0, allowing a remote attacker to shut down the service using the shutdown command.

Which other software is affected by CVE-2014-3576?

Oracle Business Intelligence Publisher, Oracle Fusion Middleware (versions 8.1, 9.0, 11.1.1.7.4, and 12.1.3.0.0), and IBM Security Directory Suite VA (versions 8.0.1-8.0.1.19) are also affected by CVE-2014-3576.

What is the severity of CVE-2014-3576?

CVE-2014-3576 has a severity rating of 7.5 (high).

How can I mitigate the CVE-2014-3576 vulnerability?

To mitigate the CVE-2014-3576 vulnerability, it is recommended to upgrade to a version of Apache ActiveMQ that is not affected, such as version 5.11 or later.

Vulnerability/
CVE-2014-3576

high

7.5

CWE

264 78

14/8/2015

14/5/2022

6/8/2024

CVE-2014-3576: OS Command Injection

First published: Fri Aug 14 2015(Updated: )

Apache ActiveMQ is vulnerable to a denial of service, caused by an error in the processControlCommand function in broker/TransportConnection.java. A remote attacker could use the shutdown command to shutdown the service.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
maven/org.apache.activemq:activemq-client	<5.11.0	5.11.0
IBM Security Directory Suite VA	<=8.0.1-8.0.1.19
Apache ActiveMQ	<=5.10.0
Oracle Business Intelligence Publisher	=12.2.1.0.0
Oracle Fusion Middleware	=8.1
Oracle Fusion Middleware	=9.0
Oracle Fusion Middleware	=11.1.1.7.4
Oracle Fusion Middleware	=12.1.3.0.0

Remedy

https://github.com/apache/activemq/commit/00921f2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7001693

Frequently Asked Questions

What is CVE-2014-3576?
CVE-2014-3576 is a vulnerability in Apache ActiveMQ that allows a remote attacker to cause a denial of service by using the shutdown command to shut down the service.
How does CVE-2014-3576 affect Apache ActiveMQ?
CVE-2014-3576 affects Apache ActiveMQ versions up to and including 5.10.0, allowing a remote attacker to shut down the service using the shutdown command.
Which other software is affected by CVE-2014-3576?
Oracle Business Intelligence Publisher, Oracle Fusion Middleware (versions 8.1, 9.0, 11.1.1.7.4, and 12.1.3.0.0), and IBM Security Directory Suite VA (versions 8.0.1-8.0.1.19) are also affected by CVE-2014-3576.
What is the severity of CVE-2014-3576?
CVE-2014-3576 has a severity rating of 7.5 (high).
How can I mitigate the CVE-2014-3576 vulnerability?
To mitigate the CVE-2014-3576 vulnerability, it is recommended to upgrade to a version of Apache ActiveMQ that is not affected, such as version 5.11 or later.

collector/nvd-index
collector/github-advisory-latest
alias/GHSA-3wfj-vh84-732p
alias/CVE-2014-3576
collector/nvd-cve
collector/github-advisory
agent/author
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/severity
agent/references
agent/remedy
agent/weakness
agent/tags
agent/event
agent/description
collector/mitre-cve
source/MITRE
vendor/apache
canonical/apache activemq
version/apache activemq/5.10.0
vendor/oracle
canonical/oracle business intelligence publisher
version/oracle business intelligence publisher/12.2.1.0.0
canonical/oracle fusion middleware
version/oracle fusion middleware/8.1
version/oracle fusion middleware/9.0
version/oracle fusion middleware/11.1.1.7.4
version/oracle fusion middleware/12.1.3.0.0
package-manager/maven
vendor/ibm
canonical/ibm security directory suite va
version/ibm security directory suite va/8.0.1-8.0.1.19