activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Shannon <christopher.l.shan...@gmail.com>
Subject [ANNOUNCE] CVE-2017-15709 - Information Leak
Date Tue, 13 Feb 2018 12:06:47 GMT
CVE-2017-15709 - Information Leak

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Apache ActiveMQ 5.14.0 - 5.15.2

Description:

When using the OpenWire protocol it was found that certain system
details (such as the OS and kernel version) are exposed as plain text.

Mitigation:

Use a TLS enabled transport or upgrade to Apache ActiveMQ 5.15.3.

Credit:
This issue was discovered by QingTeng cloud Security of Minded
Security Researcher jianan.huang

Mime
View raw message