CVE-2017-15709
activemq - security update
CVSS 3.1: 3.7 (LOW)
EPSS: 65.7%
Description
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2, it was found that certain system details (such as the OS and kernel version) are exposed as plain text.
How to fix CVE-2017-15709
To remediate CVE-2017-15709, upgrade the affected package to one of the fixed versions listed below.
- Debian/activemq—upgrade to 5.15.3-1 or later
- Debian/activemq—upgrade to 5.14.3-3+deb9u2 or later
- —upgrade to 5.15.3 or later
- —upgrade to 5.15.3 or later
Is CVE-2017-15709 being exploited?
Likely — EPSS is 65.7%, placing CVE-2017-15709 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (4)
- from 0, < 5.15.3-1
- from 0, < 5.14.3-3+deb9u2
- >= 5.14.0, < 5.15.3
- >= 5.15.0, < 5.15.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | LOW (3.7) | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |