Lucene search
K

Debian Security Advisory DSA 3330-1 (activemq - security update)

🗓️ 07 Aug 2015 00:00:00Reported by Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.netType 
openvas
 openvas
🔗 plugins.openvas.org👁 28 Views

Debian Security Advisory DSA 3330-1 (activemq - security update). Apache ActiveMQ message broker vulnerability fix for Debian Linu

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Tivoli Netcool Impact is affected by multiple vulnerabilities in IBM Tivoli Integrated Portal (TIP)
17 Jun 201815:50
ibm
IBM Security Bulletins
Security Bulletin: Multiple Security Vulnerabilities in ActiveMQ Affect IBM Sterling B2B Integrator
5 Feb 202000:53
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-4905, CVE-2014-3576)
16 Jun 201822:06
ibm
IBM Security Bulletins
Security Bulletin: OpenSource Apache ActiveMQ vulnerabilities identified with IBM Tivoli Integrated Portal (TIP) v2.2
17 Jun 201815:50
ibm
IBM Security Bulletins
Security Bulletin: A security vulnerability has been identified in Jazz for Service Management shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2014-3600)
17 Jun 201815:48
ibm
IBM Security Bulletins
Security Bulletin: Jazz for Service Management is affected by Open Source Apache ActiveMQ vulnerability - Reported in 02/05/2015 X-Force Report
17 Jun 201815:07
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerabilities have been identified in IBM Tivoli Integrated Portal (TIP) shipped with Tivoli Business Service Manager (CVE-2015-5254, CVE-2014-3600, CVE-2014-3612, CVE-2014-8110, CVE-2014-3579)
17 Jun 201815:50
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
2 May 202412:46
ibm
IBM Security Bulletins
Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities
22 Jun 202316:30
ibm
IBM Security Bulletins
Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to activemq-core (CVE-2014-3600, CVE-2013-1879, CVE-2015-6524, CVE-2011-4905)
27 Jun 202509:49
ibm
Rows per page
# OpenVAS Vulnerability Test
# $Id: deb_3330.nasl 7798 2017-11-17 05:43:16Z teissa $
# Auto-generated from advisory DSA 3330-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#


if(description)
{
    script_id(703330);
    script_version("$Revision: 7798 $");
    script_cve_id("CVE-2014-3576", "CVE-2014-3600", "CVE-2014-3612");
    script_name("Debian Security Advisory DSA 3330-1 (activemq - security update)");
    script_tag(name: "last_modification", value: "$Date: 2017-11-17 06:43:16 +0100 (Fri, 17 Nov 2017) $");
    script_tag(name: "creation_date", value: "2015-08-07 00:00:00 +0200 (Fri, 07 Aug 2015)");
    script_tag(name:"cvss_base", value:"7.5");
    script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
    script_tag(name: "solution_type", value: "VendorFix");
    script_tag(name: "qod_type", value: "package");

    script_xref(name: "URL", value: "http://www.debian.org/security/2015/dsa-3330.html");


    script_category(ACT_GATHER_INFO);

    script_copyright("Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net");
    script_family("Debian Local Security Checks");
    script_dependencies("gather-package-list.nasl");
    script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
    script_tag(name: "affected",  value: "activemq on Debian Linux");
        script_tag(name: "insight",   value: "Apache ActiveMQ is a message broker built around Java Message Service (JMS)
API : allow sending messages between two or more clients in a loosely coupled,
reliable, and asynchronous way.");
    script_tag(name: "solution",  value: "For the oldstable distribution (wheezy), this problem has been fixed
in version 5.6.0+dfsg-1+deb7u1. This update also fixes CVE-2014-3612 and CVE-2014-3600 
.

For the stable distribution (jessie), this problem has been fixed in
version 5.6.0+dfsg1-4+deb8u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your activemq packages.");
    script_tag(name: "summary",   value: "It was discovered that the Apache ActiveMQ message broker is susceptible
to denial of service through an undocumented, remote shutdown command.");
    script_tag(name: "vuldetect", value: "This check tests the installed software version using the apt package manager.");
    exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"activemq", ver:"5.6.0+dfsg-1+deb7u1", rls_regex:"DEB7.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libactivemq-java", ver:"5.6.0+dfsg-1+deb7u1", rls_regex:"DEB7.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libactivemq-java-doc", ver:"5.6.0+dfsg-1+deb7u1", rls_regex:"DEB7.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"activemq", ver:"5.6.0+dfsg1-4+deb8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libactivemq-java", ver:"5.6.0+dfsg1-4+deb8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"libactivemq-java-doc", ver:"5.6.0+dfsg1-4+deb8u1", rls_regex:"DEB8.[0-9]+")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation