activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Bain <tb...@alumni.duke.edu>
Subject Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities
Date Tue, 24 May 2016 12:09:35 GMT
Does the range of versions specified mean that the issue is already
addressed in 5.13.3, or was its omission from the range an oversight?

Tim
On May 24, 2016 2:41 AM, "Dejan Bosanac" <dejan@nighttale.net> wrote:

> There's a security vulnerability reported against Apache
> ActiveMQ 5.13.2 and older versions.
>
> Please check the following document and see if you’re affected by the
> issue.
>
>
> http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
>
> Vulnerability is similar to the one reported in CVE-2015-1830 (
>
> http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt
> ).
> The fileserver web application will be removed in 5.14.0 release and users
> are advised not to use it and disable it in older versions.
>
> Regards
> --
> Dejan Bosanac
> about.me/dejanb
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message