activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From beku <>
Subject Activemq bundled Jetty Jetleak vulnerability
Date Tue, 27 Sep 2016 14:55:12 GMT
Hi everybody,

it seems the Jetty server bundled with the latest activemq release (5.14.0)
is prone to the jetleak vulnerability mentioned in CVE-2015-2080 and here:

When exploiting the issue mentioned, the whole activemq instance seems to
crash sometimes.
This is especially cumbersome when you are on a large network and your
production activemq instances are constantly crashed by "vulnerability

Is this already known by the devs and will there be an update to activemq
with a non vulnerable version of jetty?

Many Thanks,

View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message