CVE-2017-15709

CWE-200 — Information Exposure8 documents7 sources

Severity

3.7LOW

EPSS

65.7%

top 1.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq Apache Software Foundation Apache Activemq

Timeline

PublishedFeb 13

Latest updateMay 13

Description

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages5 packages

▶Mavenorg.apache.activemq:activemq-openwire-generator5.14.0 — 5.15.3

▶CVEListV5apache_software_foundation/apache_activemqApache ActiveMQ 5.14.0 to 5.15.2

▶Mavenorg.apache.activemq:activemq-parent5.15.0 — 5.15.3+1

▶Debianactivemq< 5.15.3-1+2

▶NVDapache/activemq5.14.0 — 5.15.2

🔴Vulnerability Details

GHSA

ActiveMQ's OpenWire protocol exposes certain system details as plain text↗2022-05-13

▶

OSV

ActiveMQ's OpenWire protocol exposes certain system details as plain text↗2022-05-13

▶

OSV

CVE-2017-15709: When using the OpenWire protocol in ActiveMQ versions 5↗2018-02-13

▶

CVEList

CVE-2017-15709: When using the OpenWire protocol in ActiveMQ versions 5↗2018-02-13

▶

📋Vendor Advisories

Red Hat

activemq-openwire-generator: Information Exposure in ActiveMQ↗2018-02-13

▶

Debian

CVE-2017-15709: activemq - When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was fo...↗2017

▶

💬Community

Bugzilla

CVE-2017-15709 activemq-openwire-generator: Information Exposure in ActiveMQ↗2018-02-22

▶