oss-sec mailing list archives
Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification
From: Christopher Shannon <christopher.l.shannon () gmail com>
Date: Mon, 10 Sep 2018 14:45:56 -0400
I just realized I had a typo in the announcement, the versions affected should be: Apache ActiveMQ 5.0.0 - 5.15.5 The file will be updated shortly. On Mon, Sep 10, 2018 at 2:40 PM Christopher Shannon <christopher.l.shannon () gmail com> wrote:
The following security vulnerability was reported against Apache ActiveMQ 5.15.5 and older versions. Please check the following document and see if you’re affected by the issue. http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt Apache ActiveMQ 5.15.6 has been released with appropriate fixes and is available for upgrade.
Current thread:
- [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Christopher Shannon (Sep 10)
- Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Christopher Shannon (Sep 10)
- Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Solar Designer (Sep 10)