You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by Christopher Shannon <ch...@gmail.com> on 2018/02/13 12:06:47 UTC
[ANNOUNCE] CVE-2017-15709 - Information Leak
CVE-2017-15709 - Information Leak
Severity: Low
Vendor:
The Apache Software Foundation
Versions Affected:
Apache ActiveMQ 5.14.0 - 5.15.2
Description:
When using the OpenWire protocol it was found that certain system
details (such as the OS and kernel version) are exposed as plain text.
Mitigation:
Use a TLS enabled transport or upgrade to Apache ActiveMQ 5.15.3.
Credit:
This issue was discovered by QingTeng cloud Security of Minded
Security Researcher jianan.huang