Improper Authentication in Apache ActiveMQ and Apache Artemis

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error...

Debian DLA-2583-1 : activemq security update

Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709 When using the OpenWire protocol in activemq, it was found that certain system details such as the OS and kernel version are exposed as plain text. CVE-2018-11775 TLS hostname...