You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@activemq.apache.org by cs...@apache.org on 2016/03/17 16:37:44 UTC

svn commit: r983034 - /websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt

Author: cshannon
Date: Thu Mar 17 15:37:44 2016
New Revision: 983034

Log:
Updating typo in CVE-2016-0782-announcement.txt

Modified:
    websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt

Modified: websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
==============================================================================
--- websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt (original)
+++ websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt Thu Mar 17 15:37:44 2016
@@ -6,14 +6,14 @@ Vendor:
 The Apache Software Foundation
 
 Versions Affected:
-Apache ActiveMQ 5.0.0 - 5.13.1
+Apache ActiveMQ 5.0.0 - 5.13.0
 
 Description:
 Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues are improper user data output validation and incorrect permissions configured on Jolokia.
 
 
 Mitigation:
-Upgrade to Apache ActiveMQ 5.11.4, 5.12.3, or 5.13.2
+Upgrade to Apache ActiveMQ 5.11.4, 5.12.3, or 5.13.1
 
 Credit:
 This issue was discovered by Vladimir Ivanov (Positive Technologies)