Posted to commits@activemq.apache.org by cs...@apache.org on 2016/03/17 16:37:44 UTC
svn commit: r983034 -
/websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
Author: cshannon
Date: Thu Mar 17 15:37:44 2016
New Revision: 983034
Log:
Updating typo in CVE-2016-0782-announcement.txt
Modified:
websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
Modified: websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
==============================================================================
--- websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt (original)
+++ websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt Thu Mar 17 15:37:44 2016
@@ -6,14 +6,14 @@ Vendor:
The Apache Software Foundation
Versions Affected:
-Apache ActiveMQ 5.0.0 - 5.13.1
+Apache ActiveMQ 5.0.0 - 5.13.0
Description:
Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues are improper user data output validation and incorrect permissions configured on Jolokia.
Mitigation:
-Upgrade to Apache ActiveMQ 5.11.4, 5.12.3, or 5.13.2
+Upgrade to Apache ActiveMQ 5.11.4, 5.12.3, or 5.13.1
Credit:
This issue was discovered by Vladimir Ivanov (Positive Technologies)
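Review bot: In the "Versions Affected" line, the new range "5.0.0 - 5.13.0" numerically contains 5.11.4 and 5.12.3, which the "Mitigation" line in the same hunk names as fixed releases, so the range alone does not tell a reader on those releases whether they are affected. Consider listing the affected range per branch, or adding wording such as "except the fixed releases listed under Mitigation". The log message also describes this as a typo fix, while both changed lines alter which versions count as vulnerable and which as fixed (5.13.1 moves from affected to fixed); stating that in the log would help anyone who acted on the earlier text to re-check their version.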