Apache: >> Activemq >> 5.14.1 Security Vulnerabilities
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
CVSS Score
7.4
EPSS Score
0.009
Published
2018-09-10
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
CVSS Score
3.7
EPSS Score
0.657
Published
2018-02-13
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.
CVSS Score
6.1
EPSS Score
0.015
Published
2018-01-10
Page 3