activemq-commits mailing list archives

From build...@apache.org
Subject svn commit: r1002500 - in /websites/production/activemq/content: cache/main.pageCache security-advisories.data/CVE-2016-3088-announcement.txt security-advisories.data/CVE-2016-6810-announcement.txt security-advisories.html
Date Fri, 09 Dec 2016 13:22:59 GMT
Author: buildbot
Date: Fri Dec  9 13:22:58 2016
New Revision: 1002500

Log:
Production update by buildbot for activemq

Added:
    websites/production/activemq/content/security-advisories.data/CVE-2016-6810-announcement.txt
Modified:
    websites/production/activemq/content/cache/main.pageCache
    websites/production/activemq/content/security-advisories.data/CVE-2016-3088-announcement.txt
    websites/production/activemq/content/security-advisories.html

Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/activemq/content/security-advisories.data/CVE-2016-3088-announcement.txt
==============================================================================
--- websites/production/activemq/content/security-advisories.data/CVE-2016-3088-announcement.txt
(original)
+++ websites/production/activemq/content/security-advisories.data/CVE-2016-3088-announcement.txt
Fri Dec  9 13:22:58 2016
@@ -5,7 +5,7 @@ Vendor:
 The Apache Software Foundation
 
 Versions Affected:
-Apache ActiveMQ 5.0.0 - 5.13.2
+Apache ActiveMQ 5.0.0 - 5.13.x
 
 Description:
 
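Review bot: the new upper bound "5.13.x" in Versions Affected is open-ended and does not tell a reader, or a scanner matching on version strings, which release is the first fixed one. Next to the range, name the first fixed version explicitly, and check that the Mitigation section of this announcement (not visible in this hunk) still agrees with the widened range, since the previous text stopped at 5.13.2.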

Added: websites/production/activemq/content/security-advisories.data/CVE-2016-6810-announcement.txt
==============================================================================
--- websites/production/activemq/content/security-advisories.data/CVE-2016-6810-announcement.txt
(added)
+++ websites/production/activemq/content/security-advisories.data/CVE-2016-6810-announcement.txt
Fri Dec  9 13:22:58 2016
@@ -0,0 +1,19 @@
+CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.14.1
+
+Description:
+An instance of a cross-site scripting vulnerability was identified to be present in the web
based administration console. The root cause of this issue is improper user data output validation.
+
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.14.2
+
+Credit:
+This issue was discovered by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.
and was reported byJPCERT/CC.
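Review bot: the Description of the new CVE-2016-6810 announcement gives operators nothing to assess exposure with. It does not say which part of the web console is affected, whether the issue is reflected or stored, or whether an authenticated administrator session is required. A sentence covering those points would help, as would an interim measure under Mitigation for sites that cannot move to 5.14.2 immediately, for example restricting network access to the console. "improper user data output validation" would read more precisely as missing output encoding of user-supplied data. Two small fixes as well: "reported byJPCERT/CC" in the Credit line is missing a space, and there is a doubled blank line before "Mitigation:".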

Modified: websites/production/activemq/content/security-advisories.html
==============================================================================
--- websites/production/activemq/content/security-advisories.html (original)
+++ websites/production/activemq/content/security-advisories.html Fri Dec  9 13:22:58 2016
@@ -72,7 +72,7 @@
   <tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><h2 id="SecurityAdvisories-ApacheActiveMQ">Apache
ActiveMQ</h2><h3 id="SecurityAdvisories-2016">2016</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2016-0734-announcement.txt?version=1&amp;modificationDate=1457613666000&amp;api=v2"
data-linked-resource-id="62687061" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-0734-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="10">CVE-2016-0734</a>&#160;-&#160;ActiveMQ
Web Console - Clickjacking</li><li><a shape="rect" href="security-advisories.data/CVE-2016-0782-announcement.txt?version=2&amp;modificationDate=1458229308000&amp;api=v2"
data-linked-resource-id="62687062" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-0782-announc
 ement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="10">CVE-2016-0782</a>&#160;-&#160;ActiveMQ
Web Console - Cross-Site Scripting</li><li><a shape="rect" href="security-advisories.data/CVE-2016-3088-announcement.txt?version=4&amp;modificationDate=1464022661036&amp;api=v2"
data-linked-resource-id="63406525" data-linked-resource-version="4" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-3088-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="10">CVE-2016-3088</a> -&#160;ActiveMQ
Fileserver web application vulnerabilities</li></ul><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2015-5254-announcement.txt?version=1&amp;modificationDate=1449589734000&amp;api=v
 2" data-linked-resource-id="61331741" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-5254-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="10">CVE-2015-5254</a> -&#160;Unsafe deserialization
in ActiveMQ</li><li><a shape="rect" href="security-advisories.data/CVE-2015-1830-announcement.txt?version=2&amp;modificationDate=1440426986000&amp;api=v2"
data-linked-resource-id="61313840" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-1830-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="10">CVE-2015-1830</a> - Path traversal leading
to unauthenticated RCE in ActiveMQ&#160;</li></ul><h3 id="SecurityAdviso
 ries-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-3576-announcement.txt?version=1&amp;modificationDate=1446901063000&amp;api=v2"
data-linked-resource-id="61327457" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3576-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="10">CVE-2014-3576</a> -&#160;Remote Unauthenticated
Shutdown of Broker (DoS)</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&amp;modificationDate=1423051306000&amp;api=v2"
data-linked-resource-id="52035730" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3600-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-
 id="51808957" data-linked-resource-container-version="10">CVE-2014-3600</a>&#160;-&#160;Apache
ActiveMQ XXE with XPath selectors</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&amp;modificationDate=1423051365000&amp;api=v2"
data-linked-resource-id="52035731" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3612-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="10">CVE-2014-3612</a> -&#160;ActiveMQ
JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation</li><li><a
shape="rect" href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&amp;modificationDate=1423051381000&amp;api=v2"
data-linked-resource-id="52035732" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-reso
 urce-default-alias="CVE-2014-8110-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957" data-linked-resource-container-version="10">CVE-2014-8110</a>
-&#160;<span style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site Scripting</span><span
style="line-height: 1.4285715;"><br clear="none"></span></li></ul><h2
id="SecurityAdvisories-ActiveMQApollo"><span style="line-height: 1.4285715;">ActiveMQ
Apollo</span></h2><h3 id="SecurityAdvisories-2014.1"><span style="line-height:
1.4285715;">2014</span></h3><ul><li><span style="line-height:
1.4285715;"><span style="line-height: 1.4285715;">&#160;</span></span><a
shape="rect" href="security-advisories.data/CVE-2014-3579-announcement.txt?version=1&amp;modificationDate=1423054118000&amp;api=v2"
data-linked-resource-id="52035737" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3579-anno
 uncement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="10">CVE-2014-3579</a><span style="line-height:
1.4285715;"> -&#160;ActiveMQ Apollo XXE with XPath selectors</span></li></ul><p><span
style="line-height: 1.4285715;">&#160;</span></p></div>
+<div class="wiki-content maincontent"><h2 id="SecurityAdvisories-ApacheActiveMQ">Apache
ActiveMQ</h2><h3 id="SecurityAdvisories-2016">2016</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2016-6810-announcement.txt?version=1&amp;modificationDate=1481288563507&amp;api=v2"
data-linked-resource-id="67634297" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-6810-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="11">CVE-2016-6810</a>&#160;-&#160;ActiveMQ
Web Console - Cross-Site Scripting</li><li><a shape="rect" href="security-advisories.data/CVE-2016-0734-announcement.txt?version=1&amp;modificationDate=1457613666000&amp;api=v2"
data-linked-resource-id="62687061" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-0734
 -announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957" data-linked-resource-container-version="11">CVE-2016-0734</a>&#160;-&#160;ActiveMQ
Web Console - Clickjacking</li><li><a shape="rect" href="security-advisories.data/CVE-2016-0782-announcement.txt?version=2&amp;modificationDate=1458229308000&amp;api=v2"
data-linked-resource-id="62687062" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-0782-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="11">CVE-2016-0782</a>&#160;-&#160;ActiveMQ
Web Console - Cross-Site Scripting</li><li><a shape="rect" href="security-advisories.data/CVE-2016-3088-announcement.txt?version=5&amp;modificationDate=1464092715000&amp;api=v2"
data-linked-resource-id="63406525" data-linked-reso
 urce-version="5" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-3088-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="11">CVE-2016-3088</a> -&#160;ActiveMQ
Fileserver web application vulnerabilities</li></ul><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2015-5254-announcement.txt?version=1&amp;modificationDate=1449589734000&amp;api=v2"
data-linked-resource-id="61331741" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-5254-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="11">CVE-2015-5254</a> -&#160;Unsafe deserialization
in ActiveMQ</li><li><a shape="rect" href="security-ad
 visories.data/CVE-2015-1830-announcement.txt?version=2&amp;modificationDate=1440426986000&amp;api=v2"
data-linked-resource-id="61313840" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-1830-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="11">CVE-2015-1830</a> - Path traversal leading
to unauthenticated RCE in ActiveMQ&#160;</li></ul><h3 id="SecurityAdvisories-2014">2014</h3><ul><li><a
shape="rect" href="security-advisories.data/CVE-2014-3576-announcement.txt?version=1&amp;modificationDate=1446901063000&amp;api=v2"
data-linked-resource-id="61327457" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3576-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container
 -id="51808957" data-linked-resource-container-version="11">CVE-2014-3576</a> -&#160;Remote
Unauthenticated Shutdown of Broker (DoS)</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&amp;modificationDate=1423051306000&amp;api=v2"
data-linked-resource-id="52035730" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3600-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="11">CVE-2014-3600</a>&#160;-&#160;Apache
ActiveMQ XXE with XPath selectors</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&amp;modificationDate=1423051365000&amp;api=v2"
data-linked-resource-id="52035731" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3612-announcement.
 txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="11">CVE-2014-3612</a> -&#160;ActiveMQ
JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation</li><li><a
shape="rect" href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&amp;modificationDate=1423051381000&amp;api=v2"
data-linked-resource-id="52035732" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-8110-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="11">CVE-2014-8110</a> -&#160;<span
style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site Scripting</span><span
style="line-height: 1.4285715;"><br clear="none"></span></li></ul><h2
id="SecurityAdvisories-ActiveMQApollo"
 ><span style="line-height: 1.4285715;">ActiveMQ Apollo</span></h2><h3
id="SecurityAdvisories-2014.1"><span style="line-height: 1.4285715;">2014</span></h3><ul><li><span
style="line-height: 1.4285715;"><span style="line-height: 1.4285715;">&#160;</span></span><a
shape="rect" href="security-advisories.data/CVE-2014-3579-announcement.txt?version=1&amp;modificationDate=1423054118000&amp;api=v2"
data-linked-resource-id="52035737" data-linked-resource-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3579-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="11">CVE-2014-3579</a><span style="line-height:
1.4285715;"> -&#160;ActiveMQ Apollo XXE with XPath selectors</span></li></ul><p><span
style="line-height: 1.4285715;">&#160;</span></p></div>
         </td>
         <td valign="top">
           <div class="navigation">
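Review bot: in the added line, the new CVE-2016-6810 item is placed at the top of the 2016 list, ahead of CVE-2016-0734, CVE-2016-0782 and CVE-2016-3088, which were in ascending order; the 2014 list is ascending too, while 2015 lists CVE-2015-5254 before CVE-2015-1830. Pick one ordering (newest first or ascending by id) and apply it to every year so readers can find the latest advisory predictably. Separately, because the whole "wiki-content" div is emitted as a single line, this hunk replaces the entire block for what amounts to one new list item, the container-version change from 10 to 11, and the CVE-2016-3088 link moving from version=4 to version=5. Exporting the page with one list item per line would make future advisory changes reviewable.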


