This is an automated email from the ASF dual-hosted git repository.

git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/activemq-website.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new cf94286  Automatic Site Publish by Buildbot
cf94286 is described below

commit cf94286566fd2eb5f12bb0c95f6f0dfc9703c20a
Author: buildbot <[email protected]>
AuthorDate: Wed Jan 27 17:10:09 2021 +0000

    Automatic Site Publish by Buildbot
---
 output/components/artemis/security.html                 |  3 ++-
 output/components/classic/security.html                 |  1 +
 .../CVE-2021-26117-announcement.txt                     | 17 +++++++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/output/components/artemis/security.html 
b/output/components/artemis/security.html
index 396cc89..8edf687 100644
--- a/output/components/artemis/security.html
+++ b/output/components/artemis/security.html
@@ -97,7 +97,8 @@
 <p>See the main <a href="../../security-advisories">Security Advisories</a> 
page for details for other components and general information such as reporting 
new security issues.</p>
 
 <ul>
-  <li><a 
href="../../security-advisories.data/CVE-2021-26118-announcement.txt">CVE-2021-26118</a>
 - Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin</li>
+  <li><a 
href="../../security-advisories.data/CVE-2021-26117-announcement.txt">CVE-2021-26117</a>
 - ActiveMQ: LDAP-Authentication does not verify passwords on servers with 
anonymous bind</li>
+  <li><a 
href="../../security-advisories.data/CVE-2021-26118-announcement.txt">CVE-2021-26118</a>
 - Flaw in ActiveMQ Artemis OpenWire support</li>
   <li><a 
href="../../security-advisories.data/CVE-2020-13932-announcement.txt">CVE-2020-13932</a>
 - Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin</li>
   <li><a 
href="../../security-advisories.data/CVE-2017-12174-announcement.txt">CVE-2017-12174</a>
 - Memory exhaustion via UDP and JGroups discovery</li>
   <li><a 
href="../../security-advisories.data/CVE-2016-4978-announcement.txt">CVE-2016-4978</a>
 - Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability</li>
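Review bot: The new CVE-2021-26117 item is inserted above CVE-2021-26118, while the rest of this list runs in descending CVE order (2021-26118, 2020-13932, 2017-12174, 2016-4978); swap the two added items so the list stays newest-first. The replacement title for CVE-2021-26118, "Flaw in ActiveMQ Artemis OpenWire support", also gives no indication of impact, unlike the neighbouring entries ("Remote XSS in Web console Diagram Plugin", "Memory exhaustion via UDP and JGroups discovery"); a title that names the consequence would let readers triage from the index. The last context line still carries the typo "vunerability", which could be fixed in the same pass.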
diff --git a/output/components/classic/security.html 
b/output/components/classic/security.html
index d6ac46b..31bca73 100644
--- a/output/components/classic/security.html
+++ b/output/components/classic/security.html
@@ -97,6 +97,7 @@
 <p>See the main <a href="../../security-advisories">Security Advisories</a> 
page for details for other components and general information such as reporting 
new security issues.</p>
 
 <ul>
+  <li><a 
href="../../security-advisories.data/CVE-2021-26117-announcement.txt">CVE-2021-26117</a>
 - ActiveMQ: LDAP-Authentication does not verify passwords on servers with 
anonymous bind</li>
   <li><a 
href="../../security-advisories.data/CVE-2020-11998-announcement.txt">CVE-2020-11998</a>
 - JMX remote client could execute arbitrary code</li>
   <li><a 
href="../../security-advisories.data/CVE-2020-13920-announcement.txt">CVE-2020-13920</a>
 - JMX MITM vulnerability</li>
   <li><a 
href="../../security-advisories.data/CVE-2020-1941-announcement.txt">CVE-2020-1941</a>
 - XSS in WebConsole</li>
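Review bot: The added item's title opens with an "ActiveMQ:" prefix that no other entry in this list carries ("JMX remote client could execute arbitrary code", "JMX MITM vulnerability", "XSS in WebConsole"); drop the prefix so the index reads consistently. Because the condition is a configuration choice in the LDAP login module, wording such as "when the LDAP login module uses anonymous access" would match the advisory text more closely than "on servers with anonymous bind".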
diff --git a/output/security-advisories.data/CVE-2021-26117-announcement.txt 
b/output/security-advisories.data/CVE-2021-26117-announcement.txt
new file mode 100644
index 0000000..1e4e7ae
--- /dev/null
+++ b/output/security-advisories.data/CVE-2021-26117-announcement.txt
@@ -0,0 +1,17 @@
+ActiveMQ: LDAP-Authentication does not verify passwords on servers with 
anonymous bind (CVE-2021-26117)
+PRODUCT AFFECTED:
+This issue affects Apache ActiveMQ Apache ActiveMQ, Apache ActiveMQ Artemis.
+
+PROBLEM:
+The optional ActiveMQ LDAP login module can be configured to use anonymous 
access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to 
version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the 
anonymous context is used to verify a valid users password in error, resulting 
in no check on the password.
+
+This issue has been assigned CVE-2021-26117.
+
+This issue is being tracked as 
https://issues.apache.org/jira/browse/ARTEMIS-2895 and 
https://issues.apache.org/jira/browse/AMQ-8035.
+
+MODIFICATION HISTORY:
+: Initial Publication.
+RELATED LINKS:
+CVE-2021-26117 at cve.mitre.org
+ACKNOWLEDGEMENTS:
+Apache ActiveMQ would like to thank Gregor Tudan <[email protected]> 
for reporting this issue.
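Review bot: The advisory has no mitigation section: the PROBLEM paragraph only implies the fixed releases through "prior to version 2.16.0" and "prior to versions 5.16.1 and 5.15.14", and never tells operators to upgrade or, as an interim measure, to stop configuring the LDAP login module for anonymous access. Add an explicit MITIGATION block stating both. Smaller points in the same file: PRODUCT AFFECTED repeats the name ("Apache ActiveMQ Apache ActiveMQ, Apache ActiveMQ Artemis"), the MODIFICATION HISTORY line ": Initial Publication." is missing its date, RELATED LINKS names "CVE-2021-26117 at cve.mitre.org" without a URL, and "a valid users password" needs an apostrophe.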
