ActiveMQ Vulnerability Exposes System Details via OpenWire Protocol
CVE-2017-15709

3.7LOW

Key Information:

Vendor
Apache
Status
Apache ActiveMQ
Vendor
CVE Published:
13 February 2018

Summary

A vulnerability within Apache ActiveMQ's OpenWire protocol allows certain system details, such as the operating system and kernel version, to be exposed in plain text. This could potentially lead to unauthorized access or exploitation by malicious entities. ActiveMQ versions ranging from 5.14.0 to 5.15.2 are affected by this issue, highlighting the importance of applying necessary patches to secure sensitive system information.

Affected Version(s)

Apache ActiveMQ Apache ActiveMQ 5.14.0 to 5.15.2

References

https://lists.apache.org/thread.html/2b6f04a552c6ec2de656...
x_refsource_MISC
https://lists.apache.org/thread.html/2b5c0039197a4949f29e...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/fcbe6ad00f1de142148c...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.