From commits-return-61778-apmail-activemq-commits-archive=activemq.apache.org@activemq.apache.org Thu Sep 10 04:22:41 2020
Return-Path:
X-Original-To: apmail-activemq-commits-archive@www.apache.org
Delivered-To: apmail-activemq-commits-archive@www.apache.org
Received: from mailroute1-lw-us.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by minotaur.apache.org (Postfix) with ESMTP id 1EC9E19F62 for ; Thu, 10 Sep 2020 04:22:40 +0000 (UTC)
Received: from mail.apache.org (localhost [127.0.0.1]) by mailroute1-lw-us.apache.org (ASF Mail Server at mailroute1-lw-us.apache.org) with SMTP id C7018122572 for ; Thu, 10 Sep 2020 04:22:39 +0000 (UTC)
Received: (qmail 72738 invoked by uid 500); 10 Sep 2020 04:22:39 -0000
Delivered-To: apmail-activemq-commits-archive@activemq.apache.org
Received: (qmail 72691 invoked by uid 500); 10 Sep 2020 04:22:39 -0000
Mailing-List: contact commits-help@activemq.apache.org; run by ezmlm
Precedence: bulk
List-Help:
List-Unsubscribe:
List-Post:
List-Id:
Reply-To: dev@activemq.apache.org
Delivered-To: mailing list commits@activemq.apache.org
Received: (qmail 72532 invoked by uid 99); 10 Sep 2020 04:22:39 -0000
Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Sep 2020 04:22:39 +0000
Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id EA2738087C; Thu, 10 Sep 2020 04:22:38 +0000 (UTC)
Date: Thu, 10 Sep 2020 04:22:38 +0000
To: "commits@activemq.apache.org"
Subject: [activemq-website] branch asf-site updated: Automatic Site Publish by Buildbot
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Message-ID: <159971175887.25061.9111518506095722689@gitbox.apache.org>
From: git-site-role@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: activemq-website X-Git-Refname: refs/heads/asf-site X-Git-Reftype: branch X-Git-Oldrev: 4ade48bc6c3d1fd3031c9464e9ad307635b4b8a9 X-Git-Newrev: 4c0a9c1cfbae476df5c219f51583a935a4cecaaf X-Git-Rev: 4c0a9c1cfbae476df5c219f51583a935a4cecaaf X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/activemq-website.git The following commit(s) were added to refs/heads/asf-site by this push: new 4c0a9c1 Automatic Site Publish by Buildbot 4c0a9c1 is described below commit 4c0a9c1cfbae476df5c219f51583a935a4cecaaf Author: buildbot AuthorDate: Thu Sep 10 04:22:34 2020 +0000 Automatic Site Publish by Buildbot --- output/components/classic/security.html | 1 + .../CVE-2020-13920-announcement.txt | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/output/components/classic/security.html b/output/components/classic/security.html index cd6f6e6..b5cee72 100644 --- a/output/components/classic/security.html +++ b/output/components/classic/security.html @@ -97,6 +97,7 @@

See the main Security Advisories page for details for other components and general information such as reporting new security issues.

    +
  • CVE-2020-13920 - JMX MITM vulnerability
  • CVE-2020-1941 - XSS in WebConsole
  • CVE-2019-0222 - Corrupt MQTT frame can cause broker shutdown
  • CVE-2018-8006 - ActiveMQ Web Console - Cross-Site Scripting
  • diff --git a/output/security-advisories.data/CVE-2020-13920-announcement.txt b/output/security-advisories.data/CVE-2020-13920-announcement.txt new file mode 100644 index 0000000..b201e34 --- /dev/null +++ b/output/security-advisories.data/CVE-2020-13920-announcement.txt @@ -0,0 +1,21 @@ +CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack + +Severity: Moderate + +Vendor: The Apache Software Foundation + +Affected Version: Apache ActiveMQ version prior to 5.15.12 + +Vulnerability details: +Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI +registry and binds the server to the "jmxrmi" entry. It is possible +to connect to the registry without authentication and call the rebind +method to rebind jmxrmi to something else. If an attacker creates another +server to proxy the original, and bound that, he effectively becomes a +man in the middle and is able to intercept the credentials when an user +connects. + +Mitigation: +Upgrade to Apache ActiveMQ 5.15.12 + +Credit: Jonathan Gallimore & Colm O hEigeartaigh
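Review bot: in the security.html hunk the new entry "CVE-2020-13920 - JMX MITM vulnerability" should point at the announcement file this same commit adds (output/security-advisories.data/CVE-2020-13920-announcement.txt); the extracted diff keeps only the rendered list text, so the link target cannot be confirmed from the visible lines and should be checked in the generated page. Consider also aligning the short title with the advisory heading ("Apache ActiveMQ JMX is vulnerable to a MITM attack") so the list and the announcement name the issue the same way.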
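Review bot: the CVE-2020-13920-announcement.txt hunk has grammar slips worth fixing before the advisory is published: "Apache ActiveMQ version prior to 5.15.12" should read "versions prior to 5.15.12", "and bound that, he effectively becomes" should read "and binds it, they effectively become", and "when an user connects" should read "when a user connects". The Mitigation section gives only "Upgrade to Apache ActiveMQ 5.15.12"; since "prior to 5.15.12" leaves open whether other release lines are affected, a one-line statement of which versions carry the fix would make the advisory easier for operators to act on.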