You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Albert Baker (JIRA)" <ji...@apache.org> on 2018/06/15 15:16:00 UTC

[jira] [Created] (AMQ-6995) ActiveMQ 5.15.4 activemq-ra-5.15.4.jar which has two high severity CVEs against it.

Albert Baker created AMQ-6995:
---------------------------------

             Summary: ActiveMQ 5.15.4 activemq-ra-5.15.4.jar which has two high severity CVEs against it.
                 Key: AMQ-6995
                 URL: https://issues.apache.org/jira/browse/AMQ-6995
             Project: ActiveMQ
          Issue Type: Bug
          Components: webconsole
    Affects Versions: 5.15.4
         Environment: Environment: Customer environment is a mix of Linux and Windows, Gig-LAN (Medical & Finacial services).  Will not accept the risk of having even one high severity CVE in thier environment. The cost of (SOX/HIPPA) insurence is too high to allow even one CVE with newly deployed systems.
            Reporter: Albert Baker


CVE-2015-5183   Severity:High  CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-254 Security Features
The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1249182
Vulnerable Software & Versions:
cpe:/a:apache:activemq:-


CVE-2015-5184 Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-254 Security Features
The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and perform other unspecified impact.
CONFIRM - https://bugzilla.redhat.c



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)