activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Bain <tb...@alumni.duke.edu>
Subject Re: Java_December vulnerability
Date Tue, 08 Dec 2015 14:14:29 GMT
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
was a good (though repetitive) overview of the vulnerability, and of one
proposed fix (cracking open the commons-collections JAR and removing the
InvokerTransformer class).
On Dec 8, 2015 3:37 AM, "iali" <iali@arcsolutions.com> wrote:

> Thanks jahlborn,
>
> I am currently investigating this further to confirm if ActiveMQ 5.13.0 has
> got this impact or will it fix the CVE.
>
> For your reference I am mainly looking at following CVE:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8103
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852
>
>
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/Java-December-vulnerability-tp4704610p4704758.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message