High severity7.5NVD Advisory· Published Aug 14, 2015· Updated May 6, 2026
CVE-2014-3576
CVE-2014-3576
Description
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.activemq:activemq-clientMaven | < 5.11.0 | 5.11.0 |
Affected products
6- cpe:2.3:a:oracle:business_intelligence_publisher:12.2.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.4:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:12.1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:fusion_middleware:9.0:*:*:*:*:*:*:*
Patches
200921f22ff9aRemove unused ConnectionControl handling.
1 file changed · +0 −4
activemq-broker/src/main/java/org/apache/activemq/broker/TransportConnection.java+0 −4 modified@@ -1534,10 +1534,6 @@ public int getProtocolVersion() { @Override public Response processControlCommand(ControlCommand command) throws Exception { - String control = command.getCommand(); - if (control != null && control.equals("shutdown")) { - System.exit(0); - } return null; }
f07e6a53216fRemove unused ConnectionControl handling.
1 file changed · +0 −4
activemq-broker/src/main/java/org/apache/activemq/broker/TransportConnection.java+0 −4 modified@@ -1534,10 +1534,6 @@ public int getProtocolVersion() { @Override public Response processControlCommand(ControlCommand command) throws Exception { - String control = command.getCommand(); - if (control != null && control.equals("shutdown")) { - System.exit(0); - } return null; }
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
15- github.com/apache/activemq/commit/00921f2nvdPatch
- github.com/advisories/GHSA-3wfj-vh84-732pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-3576ghsaADVISORY
- activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.htmlnvdWEB
- packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.htmlnvdWEB
- www.debian.org/security/2015/dsa-3330nvdWEB
- www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.htmlnvdWEB
- www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.htmlnvdWEB
- www.securityfocus.com/archive/1/536862/100/0/threadednvdWEB
- github.com/apache/activemq/commit/00921f22ff9a8792d7663ef8fadd4823402a6324ghsaWEB
- github.com/apache/activemq/commit/f07e6a53216f9388185ac2b39f366f3bfd6a8a55ghsaWEB
- lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3EghsaWEB
- www.securityfocus.com/bid/76272nvd
- www.securitytracker.com/id/1033898nvd
- lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3Envd
News mentions
0No linked articles in our index yet.