Date: Tue, 24 May 2016 10:41:08 +0200 From: Dejan Bosanac <dejan@...httale.net> To: "dev@...ivemq.apache.org" <dev@...ivemq.apache.org>, "users@...ivemq.apache.org" <users@...ivemq.apache.org>, Apache Security Response Team <security@...che.org>, oss-security@...ts.openwall.com, bugtraq@...urityfocus.com Subject: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web ap plication vulnerabilities There's a security vulnerability reported against Apache ActiveMQ 5.13.2 and older versions. Please check the following document and see if you’re affected by the issue. http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt Vulnerability is similar to the one reported in CVE-2015-1830 ( http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt). The fileserver web application will be removed in 5.14.0 release and users are advised not to use it and disable it in older versions. Regards -- Dejan Bosanac about.me/dejanb
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ