
Apache ActiveMQ 5.0.0 - 5.15.5 Missing TLS Hostname Verification (Windows) CVE-2018-11775

Severity
CVSSv3 Score: 7.4
Vulnerability description

The Apache ActiveMQ client is missing TLS hostname verification.

Risk description

TLS hostname verification was missing in the Apache ActiveMQ Client, which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. Hostname verification is now enabled by default.

Recommendation

Update to Apache ActiveMQ 5.15.6 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Sep 10, 2018
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available