oss-sec mailing list archives
Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities
From: Tim Bain <tbain () alumni duke edu>
Date: Tue, 24 May 2016 06:09:35 -0600
Does the range of versions specified mean that the issue is already addressed in 5.13.3, or was its omission from the range an oversight? Tim On May 24, 2016 2:41 AM, "Dejan Bosanac" <dejan () nighttale net> wrote:
There's a security vulnerability reported against Apache ActiveMQ 5.13.2 and older versions. Please check the following document and see if you’re affected by the issue. http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt Vulnerability is similar to the one reported in CVE-2015-1830 ( http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt ). The fileserver web application will be removed in 5.14.0 release and users are advised not to use it and disable it in older versions. Regards -- Dejan Bosanac about.me/dejanb
Current thread:
- [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities Dejan Bosanac (May 24)
- Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities Tim Bain (May 24)