You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by Dejan Bosanac <de...@nighttale.net> on 2016/05/24 08:41:08 UTC

[ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities

There's a security vulnerability reported against Apache
ActiveMQ 5.13.2 and older versions.

Please check the following document and see if you’re affected by the issue.

http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt

Vulnerability is similar to the one reported in CVE-2015-1830 (
http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt).
The fileserver web application will be removed in 5.14.0 release and users
are advised not to use it and disable it in older versions.

Regards
--
Dejan Bosanac
about.me/dejanb

Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities

Posted by Tim Bain <tb...@alumni.duke.edu>.

Does the range of versions specified mean that the issue is already
addressed in 5.13.3, or was its omission from the range an oversight?

Tim
On May 24, 2016 2:41 AM, "Dejan Bosanac" <de...@nighttale.net> wrote:

> There's a security vulnerability reported against Apache
> ActiveMQ 5.13.2 and older versions.
>
> Please check the following document and see if you’re affected by the
> issue.
>
>
> http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
>
> Vulnerability is similar to the one reported in CVE-2015-1830 (
>
> http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt
> ).
> The fileserver web application will be removed in 5.14.0 release and users
> are advised not to use it and disable it in older versions.
>
> Regards
> --
> Dejan Bosanac
> about.me/dejanb
>

Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities

Posted by Tim Bain <tb...@alumni.duke.edu>.

Does the range of versions specified mean that the issue is already
addressed in 5.13.3, or was its omission from the range an oversight?

Tim
On May 24, 2016 2:41 AM, "Dejan Bosanac" <de...@nighttale.net> wrote:

> There's a security vulnerability reported against Apache
> ActiveMQ 5.13.2 and older versions.
>
> Please check the following document and see if you’re affected by the
> issue.
>
>
> http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
>
> Vulnerability is similar to the one reported in CVE-2015-1830 (
>
> http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt
> ).
> The fileserver web application will be removed in 5.14.0 release and users
> are advised not to use it and disable it in older versions.
>
> Regards
> --
> Dejan Bosanac
> about.me/dejanb
>

[ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities﻿

Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities﻿

Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities﻿

[ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities

Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities

Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities