activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cshan...@apache.org
Subject svn commit: r983034 - /websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
Date Thu, 17 Mar 2016 15:37:44 GMT
Author: cshannon
Date: Thu Mar 17 15:37:44 2016
New Revision: 983034

Log:
Updating typo in CVE-2016-0782-announcement.txt

Modified:
    websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt

Modified: websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
==============================================================================
--- websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
(original)
+++ websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
Thu Mar 17 15:37:44 2016
@@ -6,14 +6,14 @@ Vendor:
 The Apache Software Foundation
 
 Versions Affected:
-Apache ActiveMQ 5.0.0 - 5.13.1
+Apache ActiveMQ 5.0.0 - 5.13.0
 
 Description:
 Several instances of cross-site scripting vulnerabilities were identified to be present in
the web based administration console as well as the ability to trigger a Java memory dump
into an arbitrary folder. The root cause of these issues are improper user data output validation
and incorrect permissions configured on Jolokia.
 
 
 Mitigation:
-Upgrade to Apache ActiveMQ 5.11.4, 5.12.3, or 5.13.2
+Upgrade to Apache ActiveMQ 5.11.4, 5.12.3, or 5.13.1
 
 Credit:
 This issue was discovered by Vladimir Ivanov (Positive Technologies)



Mime
View raw message