Description

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

Remediation

References

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89%40%3Cdev.activemq.apache.org%3E

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E

https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2%40%3Cgitbox.activemq.apache.org%3E

https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814%40%3Cgitbox.activemq.apache.org%3E

Related Vulnerabilities

CVE-2016-2164 Vulnerability in maven package org.apache.openmeetings:openmeetings-server

CVE-2017-16064 Vulnerability in npm package node-openssl

CVE-2018-1999031 Vulnerability in maven package org.jenkins-ci.plugins:meliora-testlab

CVE-2011-2204 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2017-15696 Vulnerability in maven package org.apache.geode:geode-core

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N