[
https://issues.apache.org/jira/browse/AMQ-7019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16559012#comment-16559012
]
ASF subversion and git services commented on AMQ-7019:
------------------------------------------------------
Commit 2ebea251cdf58ddf0a29f41ccb6c6aadcfdb9b95 in activemq's branch
refs/heads/master from [~tabish121]
[ https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=2ebea25 ]
AMQ-7019 Update Jolokia to latest version
Updates version to v1.6.0
> ActiveMQ 5.15.4 jolokia.jar which has one high severity CVE against it.
> -----------------------------------------------------------------------
>
> Key: AMQ-7019
> URL: https://issues.apache.org/jira/browse/AMQ-7019
> Project: ActiveMQ
> Issue Type: Bug
> Components: webconsole
> Affects Versions: 5.15.4
> Environment: Customer environment is a mix of Linux and Windows,
> Gig-LAN (Medical & Finacial services). Will not accept the risk of having
> even one high severity CVE in thier environment. The cost of (SOX/HIPPA)
> insurence is too high to allow even one CVE with newly deployed systems.
> Reporter: Albert Baker
> Priority: Blocker
>
> ActiveMQ 5.15.4 jolokia.jar which has one high severity CVE against it.
> Discovered by adding OWASP Dependency check into ActiveMQ pom.xml and running
> the OWASP report.
> CVE-2015-5182 Severity:High CVSS Score: 6.8
> allows Cross-site request forgery (CSRF) vulnerability in the jolokia API in
> A-MQ.
> CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1248809 CONFIRM
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
