Moderate severityNVD Advisory· Published Aug 1, 2019· Updated Aug 6, 2024

CVE-2015-7559

Description

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.activemq:activemq-clientMaven	< 5.14.5	5.14.5

Affected products

Apache/Activemqv5
Range: 5.15.5

Patches

b8fc78ec6c36

https://github.com/apache/activemqvia ghsa

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-jvpp-hxjj-5cccghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-7559ghsaADVISORY
bugzilla.redhat.com/show_bug.cgighsaWEB
github.com/apache/activemq/commit/b8fc78ec6c367cbe2a40a674eaec64ac3d7d1ecghsaWEB
issues.apache.org/jira/browse/AMQ-6470ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000