Author: buildbot Date: Fri Dec 9 13:22:58 2016 New Revision: 1002500 Log: Production update by buildbot for activemq
Added: websites/production/activemq/content/security-advisories.data/CVE-2016-6810-announcement.txt Modified: websites/production/activemq/content/cache/main.pageCache websites/production/activemq/content/security-advisories.data/CVE-2016-3088-announcement.txt websites/production/activemq/content/security-advisories.html Modified: websites/production/activemq/content/cache/main.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/activemq/content/security-advisories.data/CVE-2016-3088-announcement.txt ============================================================================== --- websites/production/activemq/content/security-advisories.data/CVE-2016-3088-announcement.txt (original) +++ websites/production/activemq/content/security-advisories.data/CVE-2016-3088-announcement.txt Fri Dec 9 13:22:58 2016 @@ -5,7 +5,7 @@ Vendor: The Apache Software Foundation Versions Affected: -Apache ActiveMQ 5.0.0 - 5.13.2 +Apache ActiveMQ 5.0.0 - 5.13.x Description: Added: websites/production/activemq/content/security-advisories.data/CVE-2016-6810-announcement.txt ============================================================================== --- websites/production/activemq/content/security-advisories.data/CVE-2016-6810-announcement.txt (added) +++ websites/production/activemq/content/security-advisories.data/CVE-2016-6810-announcement.txt Fri Dec 9 13:22:58 2016 
@@ -0,0 +1,19 @@ +CVE-2016-6810: ActiveMQ Web Console - Cross-Site Scripting + +Severity: Important + +Vendor: +The Apache Software Foundation + +Versions Affected: +Apache ActiveMQ 5.0.0 - 5.14.1 + +Description: +An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. + + +Mitigation: +Upgrade to Apache ActiveMQ 5.14.2 + +Credit: +This issue was discovered by Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. and was reported byJPCERT/CC. Modified: websites/production/activemq/content/security-advisories.html ============================================================================== --- websites/production/activemq/content/security-advisories.html (original) +++ websites/production/activemq/content/security-advisories.html Fri Dec 9 13:22:58 2016 
@@ -72,7 +72,7 @@ <tbody> <tr> <td valign="top" width="100%"> -<div class="wiki-content maincontent"><h2 id="SecurityAdvisories-ApacheActiveMQ">Apache ActiveMQ</h2><h3 id="SecurityAdvisories-2016">2016</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2016-0734-announcement.txt?version=1&modificationDate=1457613666000&api=v2" data-linked-resource-id="62687061" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-0734-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="10">CVE-2016-0734</a> - ActiveMQ Web Console - Clickjacking</li><li><a shape="rect" href="security-advisories.data/CVE-2016-0782-announcement.txt?version=2&modificationDate=1458229308000&api=v2" data-linked-resource-id="62687062" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-0782-announc ement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="10">CVE-2016-0782</a> - ActiveMQ Web Console - Cross-Site Scripting</li><li><a shape="rect" href="security-advisories.data/CVE-2016-3088-announcement.txt?version=4&modificationDate=1464022661036&api=v2" data-linked-resource-id="63406525" data-linked-resource-version="4" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-3088-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="10">CVE-2016-3088</a> - ActiveMQ Fileserver web application vulnerabilities</li></ul><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a shape="rect" 
href="security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v 2" data-linked-resource-id="61331741" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5254-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="10">CVE-2015-5254</a> - Unsafe deserialization in ActiveMQ</li><li><a shape="rect" href="security-advisories.data/CVE-2015-1830-announcement.txt?version=2&modificationDate=1440426986000&api=v2" data-linked-resource-id="61313840" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-1830-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="10">CVE-2015-1830</a> - Path traversal leading to unauthenticated RCE in ActiveMQ </li></ul><h3 id="SecurityAdviso ries-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-3576-announcement.txt?version=1&modificationDate=1446901063000&api=v2" data-linked-resource-id="61327457" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3576-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="10">CVE-2014-3576</a> - Remote Unauthenticated Shutdown of Broker (DoS)</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&modificationDate=1423051306000&api=v2" data-linked-resource-id="52035730" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3600-announcement.txt" data-nice-type="Text File" 
data-linked-resource-content-type="text/plain" data-linked-resource-container- id="51808957" data-linked-resource-container-version="10">CVE-2014-3600</a> - Apache ActiveMQ XXE with XPath selectors</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2" data-linked-resource-id="52035731" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3612-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="10">CVE-2014-3612</a> - ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation</li><li><a shape="rect" href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&modificationDate=1423051381000&api=v2" data-linked-resource-id="52035732" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-reso urce-default-alias="CVE-2014-8110-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="10">CVE-2014-8110</a> - <span style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site Scripting</span><span style="line-height: 1.4285715;"><br clear="none"></span></li></ul><h2 id="SecurityAdvisories-ActiveMQApollo"><span style="line-height: 1.4285715;">ActiveMQ Apollo</span></h2><h3 id="SecurityAdvisories-2014.1"><span style="line-height: 1.4285715;">2014</span></h3><ul><li><span style="line-height: 1.4285715;"><span style="line-height: 1.4285715;"> </span></span><a shape="rect" href="security-advisories.data/CVE-2014-3579-announcement.txt?version=1&modificationDate=1423054118000&api=v2" data-linked-resource-id="52035737" data-linked-resource-version="1" data-linked-resource-type="attachment" 
data-linked-resource-default-alias="CVE-2014-3579-anno uncement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="10">CVE-2014-3579</a><span style="line-height: 1.4285715;"> - ActiveMQ Apollo XXE with XPath selectors</span></li></ul><p><span style="line-height: 1.4285715;"> </span></p></div> +<div class="wiki-content maincontent"><h2 id="SecurityAdvisories-ApacheActiveMQ">Apache ActiveMQ</h2><h3 id="SecurityAdvisories-2016">2016</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2016-6810-announcement.txt?version=1&modificationDate=1481288563507&api=v2" data-linked-resource-id="67634297" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-6810-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="11">CVE-2016-6810</a> - ActiveMQ Web Console - Cross-Site Scripting</li><li><a shape="rect" href="security-advisories.data/CVE-2016-0734-announcement.txt?version=1&modificationDate=1457613666000&api=v2" data-linked-resource-id="62687061" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-0734 -announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="11">CVE-2016-0734</a> - ActiveMQ Web Console - Clickjacking</li><li><a shape="rect" href="security-advisories.data/CVE-2016-0782-announcement.txt?version=2&modificationDate=1458229308000&api=v2" data-linked-resource-id="62687062" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-0782-announcement.txt" data-nice-type="Text File" 
data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="11">CVE-2016-0782</a> - ActiveMQ Web Console - Cross-Site Scripting</li><li><a shape="rect" href="security-advisories.data/CVE-2016-3088-announcement.txt?version=5&modificationDate=1464092715000&api=v2" data-linked-resource-id="63406525" data-linked-reso urce-version="5" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-3088-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="11">CVE-2016-3088</a> - ActiveMQ Fileserver web application vulnerabilities</li></ul><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2" data-linked-resource-id="61331741" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5254-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="11">CVE-2015-5254</a> - Unsafe deserialization in ActiveMQ</li><li><a shape="rect" href="security-ad visories.data/CVE-2015-1830-announcement.txt?version=2&modificationDate=1440426986000&api=v2" data-linked-resource-id="61313840" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-1830-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="11">CVE-2015-1830</a> - Path traversal leading to unauthenticated RCE in ActiveMQ </li></ul><h3 id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" 
href="security-advisories.data/CVE-2014-3576-announcement.txt?version=1&modificationDate=1446901063000&api=v2" data-linked-resource-id="61327457" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3576-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container -id="51808957" data-linked-resource-container-version="11">CVE-2014-3576</a> - Remote Unauthenticated Shutdown of Broker (DoS)</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&modificationDate=1423051306000&api=v2" data-linked-resource-id="52035730" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3600-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="11">CVE-2014-3600</a> - Apache ActiveMQ XXE with XPath selectors</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2" data-linked-resource-id="52035731" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3612-announcement. 
txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="11">CVE-2014-3612</a> - ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation</li><li><a shape="rect" href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&modificationDate=1423051381000&api=v2" data-linked-resource-id="52035732" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-8110-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="11">CVE-2014-8110</a> - <span style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site Scripting</span><span style="line-height: 1.4285715;"><br clear="none"></span></li></ul><h2 id="SecurityAdvisories-ActiveMQApollo" ><span style="line-height: 1.4285715;">ActiveMQ Apollo</span></h2><h3 >id="SecurityAdvisories-2014.1"><span style="line-height: >1.4285715;">2014</span></h3><ul><li><span style="line-height: >1.4285715;"><span style="line-height: 1.4285715;"> </span></span><a >shape="rect" >href="security-advisories.data/CVE-2014-3579-announcement.txt?version=1&modificationDate=1423054118000&api=v2" > data-linked-resource-id="52035737" data-linked-resource-version="1" >data-linked-resource-type="attachment" >data-linked-resource-default-alias="CVE-2014-3579-announcement.txt" >data-nice-type="Text File" data-linked-resource-content-type="text/plain" >data-linked-resource-container-id="51808957" >data-linked-resource-container-version="11">CVE-2014-3579</a><span >style="line-height: 1.4285715;"> - ActiveMQ Apollo XXE with XPath >selectors</span></li></ul><p><span style="line-height: >1.4285715;"> </span></p></div> </td> <td valign="top"> <div class="navigation">
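Review bot: In the CVE-2016-3088-announcement.txt hunk, the new upper bound "5.13.x" on the Versions Affected line replaces a concrete release number with a wildcard, which is harder to compare against an installed version and harder for tooling to parse. Suggest naming the last affected release explicitly, or stating the first fixed version next to the range, so the line cannot be read two ways.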
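Review bot: In the new CVE-2016-6810-announcement.txt, the Description does not say which web console page or input is affected, nor whether the script is stored or reflected, so an operator cannot judge exposure from the text alone; "improper user data output validation" would also read more clearly as missing output encoding, if that is what is meant. The Credit line has a typo, "reported byJPCERT/CC", which needs a space after "by". The Mitigation gives only the upgrade to 5.14.2; if there is an acceptable interim measure for sites that cannot upgrade immediately, it belongs here as well.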
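Review bot: In the security-advisories.html hunk, the entire wiki-content div sits on one line, so adding a single list entry for CVE-2016-6810 appears as a replacement of the whole advisory list. The actual changes (the new entry, version=5 on the CVE-2016-3088 link, and container-version going from 10 to 11 on every link) have to be found by eye. If the page generator can emit one li per line, future advisory additions would diff as a one-line insertion and be far easier to verify before publication.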