Hi everybody,

it seems the Jetty server bundled with the latest ActiveMQ release (5.14.0) is prone to the JetLeak vulnerability mentioned in CVE-2015-2080 and here:
https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html

When exploiting the issue mentioned, the whole ActiveMQ instance seems to crash sometimes. This is especially cumbersome when you are on a large network and your production ActiveMQ instances are constantly crashed by "vulnerability scanners"...

Is this already known by the devs and will there be an update to ActiveMQ with a non-vulnerable version of Jetty?

Many Thanks,
Benjamin

--
View this message in context: http://activemq.2283324.n4.nabble.com/Activemq-bundled-Jetty-Jetleak-vulnerability-tp4717035.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.