Описание
ActiveMQ's OpenWire protocol exposes certain system details as plain text
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-15709
- https://github.com/apache/activemq/commit/8ff18c5e254bf43395f2e0d7e3a1092b33ec646
- https://github.com/apache/activemq/commit/d2e49be3a8f21d862726c1f6bc9e1caa6ee8b58
- https://issues.apache.org/jira/browse/AMQ-6871
- https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E
- https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E
- https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E
- https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
- https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E
- https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html
Пакеты
org.apache.activemq:activemq-openwire-generator
>= 5.14.0, < 5.15.3
5.15.3
org.apache.activemq:activemq-parent
>= 5.15.0, < 5.15.3
5.15.3
org.apache.activemq:activemq-parent
>= 5.14.0, < 5.14.6
5.14.6
Связанные уязвимости
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...