NotCVE - vendor:"Apache" product:"Activemq" version:" >= 5.14.0 <= 5.15.2"

Page 2 of 13 results (0.003 seconds)

CVSS: 4.3EPSS: 65%CPEs: 1EXPL: 0

CVE-2017-15709

https://notcve.org/view.php?id=CVE-2017-15709

13 Feb 2018 — When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. Al utilizar el protocolo OpenWire en ActiveMQ, versiones 5.14.0 a 5.15.2, se ha descubierto que ciertos detalles del sistema (como el sistema operativo y la versión del kernel) se exponen en texto plano. • https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0

CVE-2016-6810

https://notcve.org/view.php?id=CVE-2016-6810

10 Jan 2018 — In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. En Apache ActiveMQ en versiones 5.x anteriores a la 5.14.2, se ha identificado una instancia de una vulnerabilidad Cross-Site Scripting (XSS) que está presente en la consola de administración web. La causa del problema es la validación incorrecta de los datos de salida del usuario. • http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 94%CPEs: 1EXPL: 10

CVE-2016-3088 – Apache ActiveMQ Improper Input Validation Vulnerability

https://notcve.org/view.php?id=CVE-2016-3088

24 May 2016 — The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. La aplicación web Fileserver en Apache ActiveMQ 5.x en versiones anteriores a 5.14.0 permite a atacantes remotos cargar y ejecutar archivos arbitrarios a través de un PUT HTTP seguido de una petición MOVE HTTP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache ActiveMQ. Auth... • https://packetstorm.news/files/id/143191 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-434: Unrestricted Upload of File with Dangerous Type •

1 2