Apache: >> Activemq >> 5.14.2 Security Vulnerabilities
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
CVSS Score
7.4
EPSS Score
0.009
Published
2018-09-10
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
CVSS Score
3.7
EPSS Score
0.657
Published
2018-02-13
Page 3