Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 13 Feb 2018 07:06:47 -0500
From: Christopher Shannon <christopher.l.shannon@...il.com>
To: dev@...ivemq.apache.org, users@...ivemq.apache.org, 
	The Apache Security Team <security@...che.org>, jianan huang <sevcks@...il.com>, oss-security@...ts.openwall.com
Subject: [ANNOUNCE] CVE-2017-15709 - Information Leak

CVE-2017-15709 - Information Leak

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Apache ActiveMQ 5.14.0 - 5.15.2

Description:

When using the OpenWire protocol it was found that certain system
details (such as the OS and kernel version) are exposed as plain text.

Mitigation:

Use a TLS enabled transport or upgrade to Apache ActiveMQ 5.15.3.

Credit:
This issue was discovered by QingTeng cloud Security of Minded
Security Researcher jianan.huang

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.