CVE-2018-11775
UNKNOWN
Published 2018-09-10T20:00:00Z
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2018-11775. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
HIGH
Improper Certificate Validation in Apache activemq-client
GHSA-m9w8-v359-9ffrAdvisory Details
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
Affected Packages
Maven
org.apache.activemq:activemq-client
ECOSYSTEM:
≥0
<5.15.6
CVSS Scoring
CVSS Score
7.5
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: October 19, 2018, Modified: November 17, 2022
References
Published: 2018-09-10T20:00:00Z
Last Modified: 2024-09-16T16:23:47.592Z
Copied to clipboard!