TomEE relies on activemq 5.16.5. According to [1], the fileserver was removed with 5.14.0.
Gruß Richard [1] https://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt Am Freitag, dem 27.01.2023 um 18:05 +0000 schrieb COURTAULT Francois: > Hello everyone, > > We scan the vulnerabilities in TomEE Plus 8.0.14 and we have > discovered the following CVE: CVE-2016-3088 which prevent us to use > this version :( > It seems it is due to activemq-protobuf-1.1.jar. > > The question: Is the ActiveMQ Fileserver web application deployed in > TomEE 8.0.14 and TomEE 9.0.0 ? > If not the CVE-2016-3088 doesn't affect TomEE 8.0.14 and 9.0.0, right > ? > > Best Regards. > > >
