Author: dkulp
Date: Wed Mar 27 11:55:08 2019
New Revision: 1042601
Log:
Add new sec-advisory
Modified:
websites/production/activemq/content/cache/main.pageCache
websites/production/activemq/content/security-advisories.html
Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/activemq/content/security-advisories.html
==============================================================================
--- websites/production/activemq/content/security-advisories.html (original)
+++ websites/production/activemq/content/security-advisories.html Wed Mar 27
11:55:08 2019
@@ -71,7 +71,7 @@
<tbody>
<tr>
<td valign="top" width="100%">
-<div class="wiki-content maincontent"><h2
id="SecurityAdvisories-ApacheActiveMQ">Apache ActiveMQ</h2><h3
id="SecurityAdvisories-2018">2018</h3><ul><li><p class="p1"><a shape="rect"
href="security-advisories.data/CVE-2018-8006-announcement.txt?version=1&modificationDate=1539165795000&api=v2"
data-linked-resource-id="95650396" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2018-8006-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2018-8006</a> - ActiveMQ
Web Console - Cross-Site Scripting</p></li><li><p class="p1"><span
class="s1"><a shape="rect"
href="security-advisories.data/CVE-2017-15709-announcement.txt?version=2&modificationDate=1518522887000&api=v2"
data-linked-resource-id="75968203" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2017-15709-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2017-15709</a> - Information
Leak</span></p></li><li><p class="p1"><span class="s1"><a shape="rect"
href="security-advisories.data/CVE-2018-11775-announcement.txt?version=2&modificationDate=1536605082000&api=v2"
data-linked-resource-id="91554156" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2018-11775-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2018-11775</a> - Missing
TLS Hostname Verification<br clear="none"></span></p></li></ul><h3
id="SecurityAdvisories-2017">2017</h3><ul><li><p class="p1"><span class="s1"><a
shape="rec
t"
href="security-advisories.data/CVE-2015-7559-announcement.txt?version=1&modificationDate=1493024710000&api=v2"
data-linked-resource-id="69407411" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-7559-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2015-7559</a> - DoS in
client via shutdown command</span></p></li></ul><h3
id="SecurityAdvisories-2016">2016</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2016-6810-announcement.txt?version=2&modificationDate=1481290006000&api=v2"
data-linked-resource-id="67634297" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-6810-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-co
ntainer-id="51808957"
data-linked-resource-container-version="19">CVE-2016-6810</a> - ActiveMQ
Web Console - Cross-Site Scripting</li><li><a shape="rect"
href="security-advisories.data/CVE-2016-0734-announcement.txt?version=1&modificationDate=1457613666000&api=v2"
data-linked-resource-id="62687061" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-0734-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2016-0734</a> - ActiveMQ
Web Console - Clickjacking</li><li><a shape="rect"
href="security-advisories.data/CVE-2016-0782-announcement.txt?version=2&modificationDate=1458229308000&api=v2"
data-linked-resource-id="62687062" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-0782-announceme
nt.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2016-0782</a> - ActiveMQ
Web Console - Cross-Site Scripting</li><li><a shape="rect"
href="security-advisories.data/CVE-2016-3088-announcement.txt?version=5&modificationDate=1464092715000&api=v2"
data-linked-resource-id="63406525" data-linked-resource-version="5"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-3088-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2016-3088</a> - ActiveMQ
Fileserver web application vulnerabilities</li></ul><h3
id="SecurityAdvisories-2015">2015</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2"
data-linked-resource-id="61331741" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-5254-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2015-5254</a> - Unsafe
deserialization in ActiveMQ</li><li><a shape="rect"
href="security-advisories.data/CVE-2015-1830-announcement.txt?version=2&modificationDate=1440426986000&api=v2"
data-linked-resource-id="61313840" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-1830-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2015-1830</a> - Path traversal
leading to unauthenticated RCE in ActiveMQ </li></ul><h3
id="SecurityAdvisorie
s-2014">2014</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2014-3576-announcement.txt?version=1&modificationDate=1446901063000&api=v2"
data-linked-resource-id="61327457" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3576-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2014-3576</a> - Remote
Unauthenticated Shutdown of Broker (DoS)</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&modificationDate=1423051306000&api=v2"
data-linked-resource-id="52035730" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3600-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id=
"51808957"
data-linked-resource-container-version="19">CVE-2014-3600</a> - Apache
ActiveMQ XXE with XPath selectors</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2"
data-linked-resource-id="52035731" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3612-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2014-3612</a> - ActiveMQ
JAAS: LDAPLoginModule allows empty password authentication and Wildcard
Interpretation</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&modificationDate=1423051381000&api=v2"
data-linked-resource-id="52035732" data-linked-resource-version="2"
data-linked-resource-type="attachment" data-linked-resourc
e-default-alias="CVE-2014-8110-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2014-8110</a> - <span
style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site
Scripting</span><span style="line-height: 1.4285715;"><br
clear="none"></span></li></ul><h2 id="SecurityAdvisories-ActiveMQApollo"><span
style="line-height: 1.4285715;">ActiveMQ Apollo</span></h2><h3
id="SecurityAdvisories-2014.1"><span style="line-height:
1.4285715;">2014</span></h3><ul><li><span style="line-height: 1.4285715;"><span
style="line-height: 1.4285715;"> </span></span><a shape="rect"
href="security-advisories.data/CVE-2014-3579-announcement.txt?version=1&modificationDate=1423054118000&api=v2"
data-linked-resource-id="52035737" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3579-announc
ement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="19">CVE-2014-3579</a><span
style="line-height: 1.4285715;"> - ActiveMQ Apollo XXE with XPath
selectors</span></li></ul><p><span style="line-height:
1.4285715;"> </span></p></div>
+<div class="wiki-content maincontent"><h2
id="SecurityAdvisories-ApacheActiveMQ">Apache ActiveMQ</h2><h3
id="SecurityAdvisories-2019">2019</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2019-0222-announcement.txt?version=2&modificationDate=1553686600404&api=v2"
data-linked-resource-id="109454237" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2019-0222-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2019-0222</a> - Corrupt MQTT
frame can cause broker shutdown</li></ul><h3
id="SecurityAdvisories-2018">2018</h3><ul><li><p class="p1"><a shape="rect"
href="security-advisories.data/CVE-2018-8006-announcement.txt?version=1&modificationDate=1539165795000&api=v2"
data-linked-resource-id="95650396" data-linked-resource-version="1"
data-linked-resource-type="atta
chment" data-linked-resource-default-alias="CVE-2018-8006-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2018-8006</a> - ActiveMQ
Web Console - Cross-Site Scripting</p></li><li><p class="p1"><span
class="s1"><a shape="rect"
href="security-advisories.data/CVE-2017-15709-announcement.txt?version=2&modificationDate=1518522887000&api=v2"
data-linked-resource-id="75968203" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2017-15709-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2017-15709</a> - Information
Leak</span></p></li><li><p class="p1"><span class="s1"><a shape="rect"
href="security-advisories.data/CVE-2018-11775-announ
cement.txt?version=2&modificationDate=1536605082000&api=v2"
data-linked-resource-id="91554156" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2018-11775-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2018-11775</a> - Missing
TLS Hostname Verification<br clear="none"></span></p></li></ul><h3
id="SecurityAdvisories-2017">2017</h3><ul><li><p class="p1"><span class="s1"><a
shape="rect"
href="security-advisories.data/CVE-2015-7559-announcement.txt?version=1&modificationDate=1493024710000&api=v2"
data-linked-resource-id="69407411" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-7559-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-contain
er-id="51808957" data-linked-resource-container-version="21">CVE-2015-7559</a>
- DoS in client via shutdown command</span></p></li></ul><h3
id="SecurityAdvisories-2016">2016</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2016-6810-announcement.txt?version=2&modificationDate=1481290006000&api=v2"
data-linked-resource-id="67634297" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-6810-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2016-6810</a> - ActiveMQ
Web Console - Cross-Site Scripting</li><li><a shape="rect"
href="security-advisories.data/CVE-2016-0734-announcement.txt?version=1&modificationDate=1457613666000&api=v2"
data-linked-resource-id="62687061" data-linked-resource-version="1"
data-linked-resource-type="attachment" data-link
ed-resource-default-alias="CVE-2016-0734-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2016-0734</a> - ActiveMQ
Web Console - Clickjacking</li><li><a shape="rect"
href="security-advisories.data/CVE-2016-0782-announcement.txt?version=2&modificationDate=1458229308000&api=v2"
data-linked-resource-id="62687062" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-0782-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2016-0782</a> - ActiveMQ
Web Console - Cross-Site Scripting</li><li><a shape="rect"
href="security-advisories.data/CVE-2016-3088-announcement.txt?version=5&modificationDate=1464092715000&api=v2"
data-linked
-resource-id="63406525" data-linked-resource-version="5"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2016-3088-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2016-3088</a> - ActiveMQ
Fileserver web application vulnerabilities</li></ul><h3
id="SecurityAdvisories-2015">2015</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2"
data-linked-resource-id="61331741" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-5254-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2015-5254</a> - Unsafe
deserialization in ActiveMQ</
li><li><a shape="rect"
href="security-advisories.data/CVE-2015-1830-announcement.txt?version=2&modificationDate=1440426986000&api=v2"
data-linked-resource-id="61313840" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2015-1830-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2015-1830</a> - Path traversal
leading to unauthenticated RCE in ActiveMQ </li></ul><h3
id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2014-3576-announcement.txt?version=1&modificationDate=1446901063000&api=v2"
data-linked-resource-id="61327457" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3576-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="te
xt/plain" data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2014-3576</a> - Remote
Unauthenticated Shutdown of Broker (DoS)</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&modificationDate=1423051306000&api=v2"
data-linked-resource-id="52035730" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3600-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2014-3600</a> - Apache
ActiveMQ XXE with XPath selectors</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2"
data-linked-resource-id="52035731" data-linked-resource-version="2"
data-linked-resource-type="attachment" data-linked-resource-de
fault-alias="CVE-2014-3612-announcement.txt" data-nice-type="Text File"
data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2014-3612</a> - ActiveMQ
JAAS: LDAPLoginModule allows empty password authentication and Wildcard
Interpretation</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&modificationDate=1423051381000&api=v2"
data-linked-resource-id="52035732" data-linked-resource-version="2"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-8110-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2014-8110</a> - <span
style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site
Scripting</span><span style="line-height: 1.4285715;"><br
clear="none"></span></li></ul><h
2 id="SecurityAdvisories-ActiveMQApollo"><span style="line-height:
1.4285715;">ActiveMQ Apollo</span></h2><h3 id="SecurityAdvisories-2014.1"><span
style="line-height: 1.4285715;">2014</span></h3><ul><li><span
style="line-height: 1.4285715;"><span style="line-height:
1.4285715;"> </span></span><a shape="rect"
href="security-advisories.data/CVE-2014-3579-announcement.txt?version=1&modificationDate=1423054118000&api=v2"
data-linked-resource-id="52035737" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3579-announcement.txt"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="51808957"
data-linked-resource-container-version="21">CVE-2014-3579</a><span
style="line-height: 1.4285715;"> - ActiveMQ Apollo XXE with XPath
selectors</span></li></ul><p><span style="line-height:
1.4285715;"> </span></p></div>
</td>
<td valign="top">
<div class="navigation">
