Vulnerability in Apache Software Foundation Activemq
CVE-2017-15709
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
EPSS: 0.657 (98.5th percentile) — read the EPSS interpretation.
Affected products
- Apache Software Foundation Activemq — versions Apache ActiveMQ 5.14.0 to 5.15.2
Public proof-of-concept exploits
References
- lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b78… (x_refsource_MISC)
- [activemq-commits] 20190327 [CONF] Apache ActiveMQ > Security Advisories (mailing-list, x_refsource_MLIST)
- [activemq-dev] 20190327 Re: Website (mailing-list, x_refsource_MLIST)
- [activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/ (mailing-list, x_refsource_MLIST)
- [activemq-dev] 20190328 Re: Website (mailing-list, x_refsource_MLIST)
- [activemq-gitbox] 20191021 [GitHub] [activemq-website] clebertsuconic commented on a change in pull request #17: Fix the ordering in the security advisories page (mailing-list, x_refsource_MLIST)
- [activemq-gitbox] 20191022 [GitHub] [activemq-website] coheigea commented on a change in pull request #17: Fix the ordering in the security advisories page (mailing-list, x_refsource_MLIST)
- [debian-lts-announce] 20210305 [SECURITY] [DLA 2583-1] activemq security update (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2017-15709?
- CVE-2017-15709 is a vulnerability in Apache Software Foundation Activemq. Published 2018-02-13.
- Is CVE-2017-15709 known to be exploited?
- 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.