CVE-2017-15709
published 2018-02-13CVE-2017-15709: When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed…
low3.7CVSS 3.0
AVNACHPRNUINSUCLINAN
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | activemq | >= 0 < 5.15.3-1 | 5.15.3-1 |
| apache | activemq | >= 0 < 5.15.3-1 | 5.15.3-1 |
| apache | activemq | >= 0 < 5.15.3-1 | 5.15.3-1 |
| apache | activemq | 5.14.0 – 5.15.2 | — |
| apache_software_foundation | apache_activemq | — | — |
| debian | activemq | < activemq 5.15.3-1 (bookworm) | activemq 5.15.3-1 (bookworm) |
CVSS provenance
nvdv3.03.7LOWCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
osv3.7LOW