You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Jean-Baptiste Onofré (Jira)" <ji...@apache.org> on 2019/10/12 06:23:00 UTC

[jira] [Assigned] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar

     [ https://issues.apache.org/jira/browse/AMQ-7310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré reassigned AMQ-7310:
-----------------------------------------

    Assignee: Jean-Baptiste Onofré

> Security Vulnerabilities in Tomcat-websocket-api.jar
> ----------------------------------------------------
>
>                 Key: AMQ-7310
>                 URL: https://issues.apache.org/jira/browse/AMQ-7310
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.15.10
>            Reporter: Harish Kumar
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>
> Activemq has *tomcat-websocket-api-8.0.53.jar* dependency.
> This jar is vulnerable to below CVE's: *CVE-2016-5388, CVE-2016-5425,CVE-2017-6056.*
> Ref: [https://nvd.nist.gov/vuln/detail/CVE-2016-5388]
> This jar needs to be updated to {color:#172b4d}9.0.21 or latest available{color}.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)