VDB
DEBIAN-CVE-2015-5254
DEBIAN-CVE-2015-5254
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Risk Scores
CVSS v3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | activemq | 0, 0, 0 |
| Debian:11 | activemq | 0, 0, 0 |
| Debian:13 | activemq | 0, 0, 0 |
Timeline
- Jan 8, 2016 CVE Published
- Apr 28, 2026 CVE Updated