Download
| Alert*
|
CVE-2018-11775
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. CVE-2015-5182 Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. CVE-2015-5183 Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. CVE-2015-5184 Console: CORS headers set to allow all in Red Hat AMQ. |
