CVE-2017-15709

3.7LOW

Key Information:

Vendor: Apache
Status: Apache ActiveMQ
Vendor: CVE Published:; 13 February 2018

Summary

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

Affected Version(s)

Apache ActiveMQ Apache ActiveMQ 5.14.0 to 5.15.2

References

https://lists.apache.org/thread.html/2b6f04a552c6ec2de656...

x_refsource_MISC

https://lists.apache.org/thread.html/2b5c0039197a4949f29e...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2018
Vulnerability Reserved
Oct 21, 2017