TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.

Affected Packages

Maven org.apache.activemq:activemq-client

Affected versions: 0 (fixed in 5.15.6)

Related CVEs

CVE-2018-11775

Key Information

GHSA ID

GHSA-m9w8-v359-9ffr

Published

October 19, 2018 4:42 PM

Last Modified

November 17, 2022 7:38 PM

CVSS Score

7.5 /10

Primary Ecosystem

Maven

Primary Package

org.apache.activemq:activemq-client

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.