CVE-2018-11775
published 2018-09-10CVE-2018-11775: TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a…
high7.4CVSS 3.0
AVNACHPRNUINSUCHIHAN
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | activemq | < 5.15.6 | 5.15.6 |
| apache | activemq | >= 0 < 5.15.6-1 | 5.15.6-1 |
| apache | activemq | >= 0 < 5.15.6-1 | 5.15.6-1 |
| apache | activemq | >= 0 < 5.15.6-1 | 5.15.6-1 |
| apache | activemq | >= 0 < 5.13.2+dfsg-2ubuntu0.1~esm1 | 5.13.2+dfsg-2ubuntu0.1~esm1 |
| apache | activemq | >= 0 < 5.15.8-2~18.04.1~esm1 | 5.15.8-2~18.04.1~esm1 |
| apache | activemq | >= 0 < 5.15.11-1ubuntu0.1~esm1 | 5.15.11-1ubuntu0.1~esm1 |
| apache | activemq | >= 0 < 5.16.1-1ubuntu0.1~esm1 | 5.16.1-1ubuntu0.1~esm1 |
| apache_software_foundation | apache_activemq | — | — |
| debian | activemq | < activemq 5.15.6-1 (bookworm) | activemq 5.15.6-1 (bookworm) |
| oracle | enterprise_repository | — | — |
| oracle | flexcube_private_banking | — | — |
| oracle | flexcube_private_banking | — | — |
| oracle | flexcube_private_banking | — | — |
| oracle | flexcube_private_banking | — | — |
| oracle | flexcube_private_banking | — | — |
CVSS provenance
nvdv3.07.4HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
osv7.4HIGH