GoogleOSV:GHSA-7QM4-P377-FR2RActiveMQ's OpenWire protocol exposes certain system details as plain text
0.002 Low
EPSS
Percentile
55.4%
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
References
github.com/apache/activemq
github.com/apache/activemq/commit/8ff18c5e254bf43395f2e0d7e3a1092b33ec646
github.com/apache/activemq/commit/d2e49be3a8f21d862726c1f6bc9e1caa6ee8b58
issues.apache.org/jira/browse/AMQ-6871
lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E
lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E
lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E
lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E
lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E
lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E
lists.debian.org/debian-lts-announce/2021/03/msg00005.html
nvd.nist.gov/vuln/detail/CVE-2017-15709
Related
