Candidate: CVE-2014-3576
PublicDate: 2015-08-14 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3576
Description:
 The processControlCommand function in broker/TransportConnection.java in
 Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of
 service (shutdown) via a shutdown command.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792857
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3576
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_activemq:
upstream_activemq: released (5.11.0)
precise_activemq: ignored (reached end-of-life)
precise/esm_activemq: DNE (precise was needed)
trusty_activemq: released (5.6.0+dfsg-1+deb7u1build0.14.04.1)
trusty/esm_activemq: DNE (trusty was released [5.6.0+dfsg-1+deb7u1build0.14.04.1])
utopic_activemq: ignored (reached end-of-life)
vivid_activemq: released (5.6.0+dfsg1-4+deb8u1)
vivid/stable-phone-overlay_activemq: DNE
vivid/ubuntu-core_activemq: DNE
wily_activemq: not-affected (5.6.0+dfsg1-4+deb8u1ubuntu1)
xenial_activemq: not-affected (5.13.2+dfsg-2)
yakkety_activemq: not-affected (5.13.2+dfsg-2)
zesty_activemq: not-affected (5.13.2+dfsg-2)
devel_activemq: not-affected (5.13.2+dfsg-2)