Описание
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 5.15.8-2~18.04 |
| cosmic | not-affected | 5.15.8-2~18.04 |
| devel | not-affected | 5.15.8-2 |
| disco | not-affected | 5.15.8-2 |
| eoan | not-affected | 5.15.8-2 |
| esm-apps/bionic | not-affected | 5.15.8-2~18.04 |
| esm-apps/focal | not-affected | 5.15.8-2 |
| esm-apps/jammy | not-affected | 5.15.8-2 |
| esm-apps/noble | not-affected | 5.15.8-2 |
| esm-apps/xenial | released | 5.13.2+dfsg-2ubuntu0.1~esm1 |
Показывать по
Ссылки на источники
EPSS
5.8 Medium
CVSS2
7.4 High
CVSS3
Связанные уязвимости
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
TLS hostname verification when using the Apache ActiveMQ Client before ...
Improper Certificate Validation in Apache activemq-client
Уязвимость программной платформы Apache ActiveMQ, связанная с ошибками в настройках безопасности, позволяющая нарушителю реализовать атаку типа «человек посередине»
EPSS
5.8 Medium
CVSS2
7.4 High
CVSS3