RE: CVE-2016-3088
Hello Cesar,

Yes, we declare it in the allowlist.
The tool used is Grype.

Best Regards.

-Original Message-
From: Cesar Hernandez
Sent: Tuesday, 31 January 2023 00:03
To: users@tomee.apache.org
Subject: Re: CVE-2016-3088

@Francois What vulnerability scan are you using? Maybe you can file this as a false positive in the scanner project.

On Fri, 27 Jan 2023 at 13:34, Richard Zowalla () wrote:

> TomEE relies on activemq 5.16.5.
>
> According to [1], the fileserver was removed with 5.14.0.
>
> Regards
> Richard
>
> [1] https://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
>
> On Friday, 27.01.2023 at 18:05 +, COURTAULT Francois wrote:
> > Hello everyone,
> >
> > We scan the vulnerabilities in TomEE Plus 8.0.14 and we have
> > discovered the following CVE: CVE-2016-3088, which prevents us from using
> > this version :(
> > It seems it is due to activemq-protobuf-1.1.jar.
> >
> > The question: Is the ActiveMQ Fileserver web application deployed in
> > TomEE 8.0.14 and TomEE 9.0.0?
> > If not, CVE-2016-3088 doesn't affect TomEE 8.0.14 and 9.0.0,
> > right?
> >
> > Best Regards.

--
Sincerely:
César Hernández.
Re: CVE-2016-3088
@Francois What vulnerability scan are you using? Maybe you can file this as a false positive in the scanner project.

On Fri, 27 Jan 2023 at 13:34, Richard Zowalla () wrote:

> TomEE relies on activemq 5.16.5.
>
> According to [1], the fileserver was removed with 5.14.0.
>
> Regards
> Richard
>
> [1] https://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
>
> On Friday, 27.01.2023 at 18:05 +, COURTAULT Francois wrote:
> > Hello everyone,
> >
> > We scan the vulnerabilities in TomEE Plus 8.0.14 and we have
> > discovered the following CVE: CVE-2016-3088, which prevents us from using
> > this version :(
> > It seems it is due to activemq-protobuf-1.1.jar.
> >
> > The question: Is the ActiveMQ Fileserver web application deployed in
> > TomEE 8.0.14 and TomEE 9.0.0?
> > If not, CVE-2016-3088 doesn't affect TomEE 8.0.14 and 9.0.0, right?
> >
> > Best Regards.

--
Sincerely:
César Hernández.
Re: CVE-2016-3088
TomEE relies on activemq 5.16.5.

According to [1], the fileserver was removed with 5.14.0.

Regards
Richard

[1] https://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt

On Friday, 27.01.2023 at 18:05 +, COURTAULT Francois wrote:
> Hello everyone,
>
> We scan the vulnerabilities in TomEE Plus 8.0.14 and we have
> discovered the following CVE: CVE-2016-3088, which prevents us from using
> this version :(
> It seems it is due to activemq-protobuf-1.1.jar.
>
> The question: Is the ActiveMQ Fileserver web application deployed in
> TomEE 8.0.14 and TomEE 9.0.0?
> If not, CVE-2016-3088 doesn't affect TomEE 8.0.14 and 9.0.0, right?
>
> Best Regards.
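
The reasoning in the reply above (bundled ActiveMQ is newer than 5.14.0 and no Fileserver web application is shipped) can be checked against a file listing before a finding is allowlisted. The following is an added example, not part of the thread or of TomEE or Grype; the jar-name pattern, the "fileserver" name match and both sample listings are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Per the ActiveMQ announcement cited in the thread: fileserver removed with 5.14.0.
FILESERVER_REMOVED_IN = (5, 14, 0)
# Assumption: the broker version is taken from jars named activemq-broker-<x.y.z>.jar.
BROKER_JAR = re.compile(r"^activemq-broker-(\d+)\.(\d+)\.(\d+)\.jar$")
# Assumption: a deployed Fileserver shows up as a path component containing "fileserver".
FILESERVER_HINT = re.compile(r"fileserver", re.IGNORECASE)

def triage(paths):
    """Return (verdict, evidence) for a CVE-2016-3088 finding, given install file paths."""
    broker_versions, fileserver_hits = set(), []
    for p in map(PurePosixPath, paths):
        m = BROKER_JAR.match(p.name)
        if m:
            broker_versions.add(tuple(int(x) for x in m.groups()))
        if any(FILESERVER_HINT.search(part) for part in p.parts):
            fileserver_hits.append(str(p))
    if fileserver_hits:
        return "investigate", {"fileserver": fileserver_hits}
    if not broker_versions:
        # Nothing to base a version argument on: do not allowlist blindly.
        return "investigate", {"reason": "no activemq-broker jar found"}
    old = sorted(v for v in broker_versions if v < FILESERVER_REMOVED_IN)
    if old:
        return "investigate", {"old_brokers": old}
    return "false-positive-candidate", {"brokers": sorted(broker_versions)}

# Constructed sample listings (not taken from a real distribution).
SAMPLE_TOMEE = [
    "apache-tomee-plus-8.0.14/lib/activemq-broker-5.16.5.jar",
    "apache-tomee-plus-8.0.14/lib/activemq-client-5.16.5.jar",
    "apache-tomee-plus-8.0.14/lib/activemq-protobuf-1.1.jar",
]
SAMPLE_OLD = [
    "apache-activemq-5.13.0/lib/activemq-broker-5.13.0.jar",
    "apache-activemq-5.13.0/webapps/fileserver/WEB-INF/web.xml",
]

if __name__ == "__main__":
    for name, listing in (("tomee", SAMPLE_TOMEE), ("old", SAMPLE_OLD)):
        print(name, triage(listing))
```

The evidence dictionary is meant to be recorded next to the allowlist entry so the justification can be re-checked when the bundled ActiveMQ version changes.
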
CVE-2016-3088
Hello everyone,

We scan the vulnerabilities in TomEE Plus 8.0.14 and we have discovered the following CVE: CVE-2016-3088, which prevents us from using this version :(
It seems it is due to activemq-protobuf-1.1.jar.

The question: Is the ActiveMQ Fileserver web application deployed in TomEE 8.0.14 and TomEE 9.0.0?
If not, CVE-2016-3088 doesn't affect TomEE 8.0.14 and 9.0.0, right?

Best Regards.