Skip to main content

CVE-2018-11775

Severity

5.9

Description

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Project

Apache TomEE

Apache ActiveMQ

Category
Missing TLS Hostname Verification
Tags
data
Date Disclosed

2018-09-10

Date Discovered

2018-06-05

Apache TomEE 7.1.x

First release:
2018-09-02
CVEs:
68
Support Lifecycle:
Namespace:
javax

Apache TomEE 7.0.x

First release:
2016-05-17
CVEs:
100
Support Lifecycle:
Namespace:
javax

Apache ActiveMQ 5.15.x

First release:
2017-06-27
CVEs:
24
Support Lifecycle:
Namespace:
javax

Apache ActiveMQ 5.14.x

First release:
2016-08-02
CVEs:
23
Support Lifecycle:
Namespace:
javax

Apache ActiveMQ 5.13.x

First release:
2015-11-30
CVEs:
22
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.7.x

First release:
2014-08-09
CVEs:
87
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.6.x

First release:
2013-11-17
CVEs:
101
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.5.x

First release:
2012-09-28
CVEs:
111
Support Lifecycle:
Namespace:
javax

Apache TomEE 1.0.x

First release:
2012-04-27
CVEs:
121
Support Lifecycle:
Namespace:
javax
Feel Vulnerable? 

Contact us so we can help you.

* These fields are required.