Test ID:	1.3.6.1.4.1.25623.1.0.809055
Category:	Web application abuses
Title:	Apache ActiveMQ Unsafe deserialization Code Execution Vulnerability - Windows
Summary:	Apache ActiveMQ is prone to an arbitrary code execution vulnerability.
Description:	Summary: Apache ActiveMQ is prone to an arbitrary code execution vulnerability. Vulnerability Insight: The flaw exists due to not restricting the classes that can be serialized in the broker. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. Affected Software/OS: Apache ActiveMQ Version 5.0 through 5.12.1 on Windows Solution: Upgrade to Apache ActiveMQ Version 5.13.0 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5254 Debian Security Information: DSA-3524 (Google Search) http://www.debian.org/security/2016/dsa-3524 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E http://www.openwall.com/lists/oss-security/2015/12/08/6 RedHat Security Advisories: RHSA-2016:0489 http://rhn.redhat.com/errata/RHSA-2016-0489.html RedHat Security Advisories: RHSA-2016:2035 http://rhn.redhat.com/errata/RHSA-2016-2035.html RedHat Security Advisories: RHSA-2016:2036 http://rhn.redhat.com/errata/RHSA-2016-2036.html
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.