LOW 3.7 Maven
ActiveMQ's OpenWire protocol exposes certain system details as plain text
GHSA-7qm4-p377-fr2r · CVE-2017-15709
Published · Modified
Description
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-15709
- WEB https://github.com/apache/activemq/commit/8ff18c5e254bf43395f2e0d7e3a1092b33ec646
- WEB https://github.com/apache/activemq/commit/d2e49be3a8f21d862726c1f6bc9e1caa6ee8b58
- PACKAGE https://github.com/apache/activemq
- WEB https://issues.apache.org/jira/browse/AMQ-6871
- WEB https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E
- WEB https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html
Ready to move
Start Securing
Free, no credit card | First findings in minutes