Date: Tue, 13 Feb 2018 07:06:47 -0500 From: Christopher Shannon <christopher.l.shannon@...il.com> To: dev@...ivemq.apache.org, users@...ivemq.apache.org, The Apache Security Team <security@...che.org>, jianan huang <sevcks@...il.com>, oss-security@...ts.openwall.com Subject: [ANNOUNCE] CVE-2017-15709 - Information Leak CVE-2017-15709 - Information Leak Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache ActiveMQ 5.14.0 - 5.15.2 Description: When using the OpenWire protocol it was found that certain system details (such as the OS and kernel version) are exposed as plain text. Mitigation: Use a TLS enabled transport or upgrade to Apache ActiveMQ 5.15.3. Credit: This issue was discovered by QingTeng cloud Security of Minded Security Researcher jianan.huang
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.