CVE-2017-15709

Severity

3.7

Description

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue, or use a TLS-enabled transport method in place of the OpenWire protocol.

Related links:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15709

https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E

Project

Apache ActiveMQ

Category

Information Leak

Tags

data

Date Disclosed

2018-02-13

Date Discovered

2017-10-21

Apache TomEE 7.1.x

First release:

2018-09-02

0

Support Lifecycle:

Maintenance Support

Namespace:

javax

Apache TomEE 7.0.x

First release:

2016-05-17

0

Support Lifecycle:

Maintenance Support

Namespace:

javax

7.0.2 7.0.3 7.0.4 7.0.5 7.0.6 7.0.7 7.0.8 7.0.9

Apache ActiveMQ 5.15.x

First release:

2017-06-27

0

Support Lifecycle:

Maintenance Support

Namespace:

javax

5.15.0 5.15.1 5.15.2

Apache ActiveMQ 5.14.x

First release:

2016-08-02

0

Support Lifecycle:

Extended Support

Namespace:

javax

5.14.0 5.14.1 5.14.2 5.14.3 5.14.4 5.14.5

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.