FreeBSD: VID-a258604d-f2aa-11e5-b4a9-ac220bdcec59 (CVE-2015-5254): activemq -- Unsafe deserialization
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Mar 25, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Description
Alvaro Muñoz, Matthias Kaiser and Christian Schneider report: JMS Object messages depend on Java Serialization for marshaling/unmarshaling of the message payload. There are a couple of places inside the broker where deserialization can occur, like web console or stomp object message transformation. As deserialization of untrusted data can lead to security flaws as demonstrated in various reports, this leaves the broker vulnerable to this attack vector. Additionally, applications that consume ObjectMessage type of messages can be vulnerable as they deserialize objects on ObjectMessage.getObject() calls.
Solution
freebsd-upgrade-package-activemq