Date: Tue, 13 Feb 2018 07:06:47 -0500 From: Christopher Shannon <christopher.l.shannon@...il.com> To: dev@...ivemq.apache.org, users@...ivemq.apache.org, The Apache Security Team <security@...che.org>, jianan huang <sevcks@...il.com>, oss-security@...ts.openwall.com Subject: [ANNOUNCE] CVE-2017-15709 - Information Leak CVE-2017-15709 - Information Leak Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache ActiveMQ 5.14.0 - 5.15.2 Description: When using the OpenWire protocol it was found that certain system details (such as the OS and kernel version) are exposed as plain text. Mitigation: Use a TLS enabled transport or upgrade to Apache ActiveMQ 5.15.3. Credit: This issue was discovered by QingTeng cloud Security of Minded Security Researcher jianan.huang
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ