Date: Tue, 8 Dec 2015 07:14:29 -0700
Subject: Re: Java_December vulnerability
From: Tim Bain
To: ActiveMQ Users

http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ was a good (though repetitive) overview of the vulnerability, and of one proposed fix (cracking open the commons-collections JAR and removing the InvokerTransformer class).

On Dec 8, 2015 3:37 AM, "iali" wrote:

> Thanks jahlborn,
>
> I am currently investigating this further to confirm if ActiveMQ 5.13.0 has
> got this impact or will it fix the CVE.
>
> For your reference I am mainly looking at the following CVEs:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8103
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852