Описание
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| JBoss Developer Studio 11 | activemq | Out of support scope | ||
| Red Hat Decision Manager 7 | activemq-artemis | Not affected | ||
| Red Hat JBoss A-MQ 6 | activemq | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | activemq-artemis | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | activemq-artemis | Not affected | ||
| Red Hat JBoss Fuse 6 | activemq | Affected | ||
| Red Hat JBoss Fuse Service Works 6 | activemq | Out of support scope | ||
| Red Hat Process Automation 7 | activemq-artemis | Not affected | ||
| Red Hat Single Sign-On 7 | activemq-artemis | Not affected | ||
| Red Hat Virtualization 4 | eap7-activemq-artemis | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS3
Связанные уязвимости
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
TLS hostname verification when using the Apache ActiveMQ Client before ...
Improper Certificate Validation in Apache activemq-client
Уязвимость программной платформы Apache ActiveMQ, связанная с ошибками в настройках безопасности, позволяющая нарушителю реализовать атаку типа «человек посередине»
EPSS
6.8 Medium
CVSS3