[jira] [Created] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar

Harish Kumar (Jira) Wed, 25 Sep 2019 02:25:26 -0700

Harish Kumar created AMQ-7310:
---------------------------------

             Summary: Security Vulnerabilities in Tomcat-websocket-api.jar
                 Key: AMQ-7310
                 URL: https://issues.apache.org/jira/browse/AMQ-7310
             Project: ActiveMQ
          Issue Type: Bug
    Affects Versions: 5.15.10
            Reporter: Harish Kumar



Activemq has *tomcat-websocket-api-8.0.53.jar* dependency.

This jar is vulnerable to below CVE's: *CVE-2016-5388, 
CVE-2016-5425,CVE-2017-6056.*

Ref: [https://nvd.nist.gov/vuln/detail/CVE-2016-5388]

This jar needs to be updated to {color:#172b4d}9.0.21 or latest 
available{color}.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar

Reply via email to