Message-ID: <CACHnxzwtXFy7YPD1w2w+NT1yRuXP2f6S5WExFqZCz=yHGRuVww@mail.gmail.com>
Date: Tue, 13 Feb 2018 07:06:47 -0500
From: Christopher Shannon <christopher.l.shannon@...il.com>
To: dev@...ivemq.apache.org, users@...ivemq.apache.org, 
	The Apache Security Team <security@...che.org>, jianan huang <sevcks@...il.com>, oss-security@...ts.openwall.com
Subject: [ANNOUNCE] CVE-2017-15709 - Information Leak

CVE-2017-15709 - Information Leak

Severity: Low

Vendor:
The Apache Software Foundation

Versions Affected:
Apache ActiveMQ 5.14.0 - 5.15.2

Description:

When using the OpenWire protocol, certain system details (such as the
OS and kernel version) were found to be exposed as plain text.

Mitigation:

Use a TLS-enabled transport or upgrade to Apache ActiveMQ 5.15.3.

Credit:
This issue was discovered by QingTeng cloud Security of Minded
Security Researcher jianan.huang
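
A check for the mitigation above, as an added example that is not part of the original announcement or of the ActiveMQ project: it lists the transport connectors in a broker configuration that use a non-TLS scheme when the broker version is in the affected range. The sample configuration is constructed, the function names are hypothetical, and the set of plaintext schemes that can carry OpenWire is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Affected range as stated in the advisory: 5.14.0 - 5.15.2 (fixed in 5.15.3).
AFFECTED_MIN, AFFECTED_MAX = (5, 14, 0), (5, 15, 2)
# Assumption: connector URI schemes that can carry OpenWire without TLS.
PLAINTEXT_SCHEMES = {"tcp", "nio", "auto", "auto+nio"}

# Constructed sample broker configuration (not taken from the advisory).
SAMPLE_CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost">
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000"/>
      <transportConnector name="openwire-tls" uri="ssl://0.0.0.0:61617?maximumConnections=1000"/>
      <transportConnector name="amqp" uri="amqp://0.0.0.0:5672"/>
    </transportConnectors>
  </broker>
</beans>"""

def is_affected(version):
    """True if an ActiveMQ version string falls inside the advisory's range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return AFFECTED_MIN <= tuple(map(int, m.groups())) <= AFFECTED_MAX

def plaintext_connectors(xml_text):
    """Return (name, uri) for each transportConnector using a non-TLS scheme."""
    hits = []
    for el in ET.fromstring(xml_text).iter():
        # Strip the XML namespace so the check works with or without it.
        if el.tag.rsplit("}", 1)[-1] != "transportConnector":
            continue
        uri = el.get("uri", "")
        if uri.split("://", 1)[0].lower() in PLAINTEXT_SCHEMES:
            hits.append((el.get("name"), uri))
    return hits

def audit(xml_text, version):
    """Connectors needing the advisory's mitigation; empty if version is fixed."""
    return plaintext_connectors(xml_text) if is_affected(version) else []

if __name__ == "__main__":
    for name, uri in audit(SAMPLE_CONFIG, "5.15.2"):
        print(f"{name}: {uri} -> use a TLS transport or upgrade to 5.15.3")
```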
