Uploaded image for project: 'ActiveMQ'
  1. ActiveMQ
  2. AMQ-6995

ActiveMQ 5.15.4 activemq-ra-5.15.4.jar which has two high severity CVEs against it.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Invalid
    • Affects Version/s: 5.15.4
    • Fix Version/s: None
    • Component/s: Web Console
    • Labels:
      None
    • Environment:

      Description

      CVE-2015-5183   Severity:High  CVSS Score: 7.5 (AV:N/AC:L/Au:N/C/I/A)
      CWE: CWE-254 Security Features
      The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
      CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1249182
      Vulnerable Software & Versions:
      cpe:/a:apache:activemq:-

      CVE-2015-5184 Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C/I/A)
      CWE: CWE-254 Security Features
      The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and perform other unspecified impact.
      CONFIRM - https://bugzilla.redhat.c

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              ABakerIII Albert Baker
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: