CVE-2017-15709 - Information Leak Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache ActiveMQ 5.14.0 - 5.15.2 Description: When using the OpenWire protocol it was found that certain system details (such as the OS and kernel version) are exposed as plain text. Mitig...
Apache ActiveMQ默认消息队列61616端口对外,61616端口使用了OpenWire协议,这个端口会暴露服务器相关信息,这些相关信息实际上是debug信息。 会返回应用名称,JVM,操作系统以及内核版本等信息。 漏洞影响 apache-activemq-5.15.0 to apache-activemq-5.15.2 apache-activemq-5.14.0 to apache-activemq-5.14.5 网络测绘 fo...
References MITRE NVD Launchpad Debian Other references https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E https://www.cve.org/CVERecord?id=CVE-2017-15709