CVE-2017-15709
LOW3.7EPSS 65.7%activemq - security update
發布日:2022/5/13修改日:2026/4/28
描述
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
受影響套件(4)
- Debian/activemqfrom 0, < 5.15.3-1
- Debian/activemqfrom 0, < 5.14.3-3+deb9u2
- Maven/org.apache.activemq:activemq-openwire-generator>= 5.14.0, < 5.15.3
- Maven/org.apache.activemq:activemq-parent>= 5.15.0, < 5.15.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.7 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
參考連結(14)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-15709
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2017-15709
- PATCHhttps://github.com/apache/activemq
- WEBhttps://github.com/apache/activemq/commit/8ff18c5e254bf43395f2e0d7e3a1092b33ec646
- WEBhttps://github.com/apache/activemq/commit/d2e49be3a8f21d862726c1f6bc9e1caa6ee8b58
- WEBhttps://issues.apache.org/jira/browse/AMQ-6871
- WEBhttps://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E
- WEBhttps://lists.debian.org/debian-lts-announce/2021/03/msg00005.html