Author: cshannon
Date: Thu Mar 17 15:37:44 2016
New Revision: 983034
Log:
Updating typo in CVE-2016-0782-announcement.txt
Modified:
websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
Modified:
websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
==============================================================================
---
websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
(original)
+++
websites/production/activemq/content/security-advisories.data/CVE-2016-0782-announcement.txt
Thu Mar 17 15:37:44 2016
@@ -6,14 +6,14 @@ Vendor:
The Apache Software Foundation
Versions Affected:
-Apache ActiveMQ 5.0.0 - 5.13.1
+Apache ActiveMQ 5.0.0 - 5.13.0
Description:
Several instances of cross-site scripting vulnerabilities were identified to
be present in the web based administration console as well as the ability to
trigger a Java memory dump into an arbitrary folder. The root cause of these
issues are improper user data output validation and incorrect permissions
configured on Jolokia.
Mitigation:
-Upgrade to Apache ActiveMQ 5.11.4, 5.12.3, or 5.13.2
+Upgrade to Apache ActiveMQ 5.11.4, 5.12.3, or 5.13.1
Credit:
This issue was discovered by Vladimir Ivanov (Positive Technologies)
