The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 40.7%.
Denial Of Service
Privilege Escalation
Java
Apache
Activemq
+2
NVD
GitHub
CVSS 3.0
7.5
EPSS
40.7%