oss-sec mailing list archives

[ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities

From: Dejan Bosanac <dejan () nighttale net>
Date: Tue, 24 May 2016 10:41:08 +0200

There's a security vulnerability reported against Apache
ActiveMQ 5.13.2 and older versions.

Please check the following document and see if you’re affected by the issue.

http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt

Vulnerability is similar to the one reported in CVE-2015-1830 (
http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt).
The fileserver web application will be removed in 5.14.0 release and users
are advised not to use it and disable it in older versions.

Regards
--
Dejan Bosanac
about.me/dejanb

Current thread:

[ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities Dejan Bosanac (May 24)
- Re: [ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities Tim Bain (May 24)

oss-sec mailing list archives

[ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities﻿

Current thread:

[ANNOUNCE] CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities