VYPR
High severity · NVD Advisory · Published Sep 10, 2018 · Updated Sep 16, 2024

CVE-2018-11775

Description

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Apache ActiveMQ Client before 5.15.6 does not verify TLS hostnames, enabling MITM attacks.

Vulnerability

Apache ActiveMQ Client versions before 5.15.6 did not perform TLS hostname verification when establishing a secure connection between a Java application and the ActiveMQ server. Without this check, the client accepted an otherwise valid certificate presented during the TLS handshake even when it was not issued for the expected hostname [1][2][3]. The vulnerability is present in all client versions prior to 5.15.6.

Exploitation

An attacker with a network position between the Java application using the ActiveMQ client and the target ActiveMQ server can perform a man-in-the-middle (MITM) attack. The attacker would need to present a valid TLS certificate (even if issued for a different hostname) to intercept the connection. No authentication, write access, or user interaction is required from the client side once the TLS connection is initiated [1][2].

Impact

A successful MITM attack allows the attacker to eavesdrop on all communications between the client and the ActiveMQ server, leading to information disclosure of message content, credentials, and other sensitive data. The attacker may also modify or inject messages, potentially disrupting application logic or data integrity, though the primary impact is loss of confidentiality [1][2].

Mitigation

Apache ActiveMQ Client version 5.15.6 fixed this issue by enabling TLS hostname verification by default [2][3]. Users should upgrade to 5.15.6 or later. Red Hat customers can apply RHSA-2019:3892 for updated packages [1]. If upgrading is not immediately possible, users can manually enforce hostname verification by configuring the client's SSL context appropriately, though no official workaround was provided [2].

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
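
The fixed version and the `socket.verifyHostName` handling shown in the SslTransport patch on this page can be turned into a quick audit of client connection URLs. This is an added example, not code from the advisory or from Apache ActiveMQ; the class name, the `Status` values and the sample hosts and URLs are assumptions made for illustration, and it covers only plain `ssl://` client URLs.

```java
import java.net.URI;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

/** Added example (hypothetical class): audits ActiveMQ client URLs for TLS hostname verification. */
public class HostnameVerificationAudit {

    enum Status { NOT_COVERED, UNVERIFIED_OLD_CLIENT, DISABLED_BY_OPTION, VERIFIED }

    /** True when the client version is older than 5.15.6, the fixed release named in the advisory. */
    static boolean isBeforeFix(String version) {
        int[] fixed = {5, 15, 6};
        String[] parts = version.split("[.-]");
        for (int i = 0; i < fixed.length; i++) {
            // Missing or non-numeric components (for example a qualifier) count as 0.
            int v = (i < parts.length && parts[i].matches("\\d+")) ? Integer.parseInt(parts[i]) : 0;
            if (v != fixed[i]) {
                return v < fixed[i];
            }
        }
        return false;
    }

    /** Classifies one client URL such as ssl://host:61617?socket.verifyHostName=false. */
    static Status audit(String clientVersion, String brokerUrl) {
        URI uri = URI.create(brokerUrl);
        // Only the plain ssl:// client transport is judged; composite or other schemes are not unwrapped.
        if (!"ssl".equalsIgnoreCase(uri.getScheme())) {
            return Status.NOT_COVERED;
        }
        if (isBeforeFix(clientVersion)) {
            return Status.UNVERIFIED_OLD_CLIENT; // no hostname check exists in these versions
        }
        String query = uri.getRawQuery();
        if (query != null) {
            for (String pair : query.split("&")) {
                String[] kv = pair.split("=", 2);
                if (kv[0].equals("socket.verifyHostName")) {
                    // Same parsing as the patch: anything other than "true" becomes false,
                    // so a misspelled value turns verification off. Any such occurrence is flagged.
                    if (!Boolean.parseBoolean(kv.length > 1 ? kv[1] : "")) {
                        return Status.DISABLED_BY_OPTION;
                    }
                }
            }
        }
        return Status.VERIFIED; // client default after the fix
    }

    /** Applies the JSSE setting the fix uses, starting from the engine's current parameters. */
    static String enableEndpointIdentification(SSLEngine engine) {
        SSLParameters params = engine.getSSLParameters(); // keeps protocols, suites, client-auth flags
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine.getSSLParameters().getEndpointIdentificationAlgorithm();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: versions and URLs are illustrative only.
        String[][] samples = {
            {"5.15.5", "ssl://broker.example.test:61617"},
            {"5.15.6", "ssl://broker.example.test:61617"},
            {"5.15.6", "ssl://broker.example.test:61617?socket.verifyHostName=false"},
            {"5.15.6", "ssl://broker.example.test:61617?socket.verifyHostName=ture"},
            {"5.15.6", "tcp://broker.example.test:61616"},
        };
        for (String[] s : samples) {
            System.out.printf("%-7s %-62s %s%n", s[0], s[1], audit(s[0], s[1]));
        }

        // Offline check of the JSSE mechanism on a client-mode engine; no connection is made.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine("broker.example.test", 61617);
        engine.setUseClientMode(true);
        System.out.println("endpoint identification: " + enableEndpointIdentification(engine));
    }
}
```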

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| org.apache.activemq:activemq-client (Maven) | < 5.15.6 | 5.15.6 |

Patches

2
02971a40e281

AMQ-7047 - Switch default for hostname verification to be false for

https://github.com/apache/activemq · Christopher L. Shannon (cshannon) · Aug 31, 2018 · via ghsa
17 files changed · +36 -37
  • activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java+2 2 modified
    @@ -185,7 +185,7 @@ protected void addTranportConnectors() throws Exception {
             }
             if (isUseSslConnector()) {
                 connector = brokerService.addConnector(
    -                "amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
    +                "amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
                 amqpSslPort = connector.getConnectUri().getPort();
                 amqpSslURI = connector.getPublishableConnectURI();
                 LOG.debug("Using amqp+ssl port " + amqpSslPort);
    @@ -199,7 +199,7 @@ protected void addTranportConnectors() throws Exception {
             }
             if (isUseNioPlusSslConnector()) {
                 connector = brokerService.addConnector(
    -                "amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
    +                "amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
                 amqpNioPlusSslPort = connector.getConnectUri().getPort();
                 amqpNioPlusSslURI = connector.getPublishableConnectURI();
                 LOG.debug("Using amqp+nio+ssl port " + amqpNioPlusSslPort);
    
  • activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java+1 1 modified
    @@ -79,7 +79,7 @@ protected URI getBrokerURI() {
     
         @Override
         protected String getAdditionalConfig() {
    -        return "?transport.needClientAuth=true&transport.verifyHostName=false";
    +        return "?transport.needClientAuth=true";
         }
     
     
    
  • activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java+1 1 modified
    @@ -57,7 +57,7 @@ public class NIOSSLTransport extends NIOTransport {
         protected boolean wantClientAuth;
         protected String[] enabledCipherSuites;
         protected String[] enabledProtocols;
    -    protected boolean verifyHostName = true;
    +    protected boolean verifyHostName = false;
     
         protected SSLContext sslContext;
         protected SSLEngine sslEngine;
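
Review bot: The new `verifyHostName = false` default on this field has no comment, and the file lives in activemq-client, so the declaration alone does not tell a reader that hostname verification is now opt-in wherever this field is not set explicitly. Add a comment or Javadoc on the field saying which side (broker or client) the default is meant for and how it is overridden.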
    
  • activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java+1 0 modified
    @@ -96,6 +96,7 @@ protected void initialiseSocket(Socket sock) throws SocketException, IllegalArgu
                     verifyHostName = Boolean.parseBoolean(socketOptions.get("verifyHostName").toString());
                     socketOptions.remove("verifyHostName");
                 } else {
    +                //If null and not set then this is a client so default to true
                     verifyHostName = true;
                 }
             }
    
  • activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java+3 1 modified
    @@ -80,7 +80,7 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
         protected int minmumWireFormatVersion;
         protected boolean useQueueForAccept = true;
         protected boolean allowLinkStealing;
    -    protected boolean verifyHostName = true;
    +    protected boolean verifyHostName = false;
     
         /**
          * trace=true -> the Transport stack where this TcpTransport object will be, will have a TransportLogger layer
    @@ -176,6 +176,8 @@ private void configureServerSocket(ServerSocket socket) throws SocketException {
                 if (socket instanceof SSLServerSocket) {
                     if (transportOptions.containsKey("verifyHostName")) {
                         verifyHostName = Boolean.parseBoolean(transportOptions.get("verifyHostName").toString());
    +                } else {
    +                    transportOptions.put("verifyHostName", verifyHostName);
                     }
     
                     if (verifyHostName) {
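
Review bot: The new `else` branch in configureServerSocket writes `verifyHostName` back into `transportOptions` without saying why; the value is already held in the field, so the `put` looks redundant unless something downstream reads the option map. Add a one-line comment naming that consumer. With the field default now `false` (first hunk of this file), a broker checks peer host names only when the option is set to true, which also deserves a line in the connector documentation.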
    
  • activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java+1 1 modified
    @@ -55,7 +55,7 @@ public static Collection<Object[]> data() {
          */
         public MQTTAutoSslAuthTest(String protocol) {
             this.protocol = protocol;
    -        protocolConfig = "transport.needClientAuth=true&transport.verifyHostName=false&";
    +        protocolConfig = "transport.needClientAuth=true";
         }
     
         @Override
    
  • activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java+1 1 modified
    @@ -54,7 +54,7 @@ protected Socket createSocket() throws IOException {
     
         @Override
         public void addOpenWireConnector() throws Exception {
    -        TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false");
    +        TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?transport.needClientAuth=true");
             cf = new ActiveMQConnectionFactory(connector.getPublishableConnectString() + "?socket.verifyHostName=false");
         }
     
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java+1 1 modified
    @@ -71,7 +71,7 @@ public void before() throws Exception {
             brokerService.setPersistent(false);
     
             TransportConnector connector = brokerService.addConnector(protocol +
    -                "://localhost:0?transport.soTimeout=3500&transport.verifyHostName=false");
    +                "://localhost:0?transport.soTimeout=3500");
             connector.setName("connector");
             uri = connector.getPublishableConnectString();
     
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java+1 1 modified
    @@ -47,7 +47,7 @@ public void testForceReconnect() throws Exception {
             remote.setSslContext(sslContext);
             remote.setUseJmx(false);
             remote.setPersistent(false);
    -        final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0?transport.verifyHostName=false");
    +        final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0");
             remote.start();
     
             BrokerService local = new BrokerService();
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java+2 2 modified
    @@ -75,7 +75,7 @@ public void before() throws Exception {
             BrokerService brokerService = new BrokerService();
             brokerService.setPersistent(false);
     
    -        TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
    +        TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true");
             connector.setName("auto");
             uri = connector.getPublishableConnectString();
     
    @@ -126,7 +126,7 @@ public AutoSslAuthTest(String protocol) {
         @Test(timeout = 60000)
         public void testConnect() throws Exception {
             ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory();
    -        factory.setBrokerURL(uri + "?socket.verifyHostName=false");
    +        factory.setBrokerURL(uri);
     
             //Create 5 connections to make sure all are properly set
             for (int i = 0; i < 5; i++) {
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java+0 3 modified
    @@ -103,9 +103,6 @@ public void tearDown() throws Exception {
         }
     
         public void configureConnectorAndStart(String bindAddress) throws Exception {
    -        if (bindAddress.contains("ssl")) {
    -            bindAddress += bindAddress.contains("?") ? "&transport.verifyHostName=false" : "?transport.verifyHostName=false";
    -        }
             connector = service.addConnector(bindAddress);
             connectionUri = connector.getPublishableConnectString();
             if (connectionUri.contains("ssl")) {
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java+5 6 modified
    @@ -80,28 +80,28 @@ public void stopBroker(BrokerService broker) throws Exception {
     
         @Test
         public void basicConnector() throws Exception {
    -        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
    +        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true");
             basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
             stopBroker(broker);
         }
     
         @Test
         public void enabledCipherSuites() throws Exception {
    -        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256&transport.verifyHostName=false");
    +        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
             basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
             stopBroker(broker);
         }
     
         @Test
         public void enabledProtocols() throws Exception {
    -        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.verifyHostName=false");
    +        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2");
             basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
             stopBroker(broker);
         }
     
    -    //Client/server is missing verifyHostName=false so it should fail as cert doesn't have right host name
    +    //Client is missing verifyHostName=false so it should fail as cert doesn't have right host name
         @Test(expected = Exception.class)
    -    public void verifyHostNameError() throws Exception {
    +    public void verifyHostNameErrorClient() throws Exception {
             BrokerService broker = null;
             try {
                 broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true");
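
Review bot: In enabledCipherSuites the `+` line still passes `transport.verifyHostName=false` to createBroker, while basicConnector and enabledProtocols drop it; only the duplicate was removed, so the three tests no longer run against the same broker default. Remove the remaining occurrence if the new default is what is being tested. Separately, verifyHostNameErrorClient keeps `@Test(expected = Exception.class)`, which passes on any failure, including the broker failing to bind the fixed port 61616; expecting the TLS handshake failure specifically would make this a real regression test for the client default.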
    @@ -113,7 +113,6 @@ public void verifyHostNameError() throws Exception {
             }
         }
     
    -
         public void basicSendReceive(String uri) throws Exception {
             ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(uri);
             Connection connection = factory.createConnection();
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java+1 1 modified
    @@ -74,7 +74,7 @@ public void setUp() throws Exception {
             broker = new BrokerService();
             broker.setPersistent(false);
             broker.setUseJmx(false);
    -        connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
    +        connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
             broker.start();
             broker.waitUntilStarted();
     
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java+10 10 modified
    @@ -30,11 +30,11 @@
     
     @SuppressWarnings("javadoc")
     public class NIOSSLWindowSizeTest extends TestCase {
    -
    +	
         BrokerService broker;
         Connection connection;
         Session session;
    -
    +    
         public static final String KEYSTORE_TYPE = "jks";
         public static final String PASSWORD = "password";
         public static final String SERVER_KEYSTORE = "src/test/resources/server.keystore";
    @@ -46,7 +46,7 @@ public class NIOSSLWindowSizeTest extends TestCase {
         public static final int MESSAGE_SIZE = 65536;
     
         byte[] messageData;
    -
    +    
         @Override
         protected void setUp() throws Exception {
             System.setProperty("javax.net.ssl.trustStore", TRUST_KEYSTORE);
    @@ -59,19 +59,19 @@ protected void setUp() throws Exception {
             broker = new BrokerService();
             broker.setPersistent(false);
             broker.setUseJmx(false);
    -        TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
    +        TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true");
             broker.start();
             broker.waitUntilStarted();
    -
    +        
             messageData = new byte[MESSAGE_SIZE];
             for (int i = 0; i < MESSAGE_SIZE;  i++)
             {
             	messageData[i] = (byte) (i & 0xff);
             }
    -
    +        
             ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("nio+ssl://localhost:" + connector.getConnectUri().getPort());
             connection = factory.createConnection();
    -        session = connection.createSession(false,  Session.AUTO_ACKNOWLEDGE);
    +        session = connection.createSession(false,  Session.AUTO_ACKNOWLEDGE);        
             connection.start();
         }
     
    @@ -100,14 +100,14 @@ public void testLargePayload() throws Exception {
             	prod.send(msg);
             } finally {
             	prod.close();
    -        }
    +        }        
         	MessageConsumer cons = null;
    -    	try
    +    	try 
         	{
         		cons = session.createConsumer(dest);
         		assertNotNull(cons.receive(30000L));
             } finally {
             	cons.close();
    -        }
    +        }        
         }
     }
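
Review bot: Apart from the `addConnector` URI, every changed line in this file only adds trailing whitespace (plus a tab on the blank line after the class declaration); in this hunk that is the two `}` lines closing the `finally` blocks and the `try` line. Drop these whitespace-only edits so the diff for this file shows just the one-line behaviour change.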
    
  • activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml+4 4 modified
    @@ -36,10 +36,10 @@
         </sslContext>
     
         <transportConnectors>
    -      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
    -      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
    -      <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
    -      <transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
    +      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" />
    +      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
    +      <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true" />
    +      <transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
         </transportConnectors>
     
       </broker>
    
  • activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml+1 1 modified
    @@ -171,7 +171,7 @@
         </systemUsage>
     
         <transportConnectors>
    -        <transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true&amp;transport.verifyHostName=false"/>
    +        <transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true"/>
         </transportConnectors>
       </broker>
     </beans>
    
  • activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml+1 1 modified
    @@ -171,7 +171,7 @@
         </systemUsage>
     
         <transportConnectors>
    -        <transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true&amp;transport.verifyHostName=false"/>
    +        <transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true"/>
         </transportConnectors>
       </broker>
     </beans>
    
bde7097fb817

Add support for hostname verification

https://github.com/apache/activemq · Christopher L. Shannon (cshannon) · Aug 21, 2018 · via ghsa
24 files changed · +157 -46
  • activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/AmqpTestSupport.java+2 2 modified
    @@ -185,7 +185,7 @@ protected void addTranportConnectors() throws Exception {
             }
             if (isUseSslConnector()) {
                 connector = brokerService.addConnector(
    -                "amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
    +                "amqp+ssl://0.0.0.0:" + amqpSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
                 amqpSslPort = connector.getConnectUri().getPort();
                 amqpSslURI = connector.getPublishableConnectURI();
                 LOG.debug("Using amqp+ssl port " + amqpSslPort);
    @@ -199,7 +199,7 @@ protected void addTranportConnectors() throws Exception {
             }
             if (isUseNioPlusSslConnector()) {
                 connector = brokerService.addConnector(
    -                "amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
    +                "amqp+nio+ssl://0.0.0.0:" + amqpNioPlusSslPort + "?transport.verifyHostName=false&transport.tcpNoDelay=true&transport.transformer=" + getAmqpTransformer() + getAdditionalConfig());
                 amqpNioPlusSslPort = connector.getConnectUri().getPort();
                 amqpNioPlusSslURI = connector.getPublishableConnectURI();
                 LOG.debug("Using amqp+nio+ssl port " + amqpNioPlusSslPort);
    
  • activemq-amqp/src/test/java/org/apache/activemq/transport/amqp/auto/JMSClientAutoSslAuthTest.java+1 1 modified
    @@ -79,7 +79,7 @@ protected URI getBrokerURI() {
     
         @Override
         protected String getAdditionalConfig() {
    -        return "?transport.needClientAuth=true";
    +        return "?transport.needClientAuth=true&transport.verifyHostName=false";
         }
     
     
    
  • activemq-broker/src/main/java/org/apache/activemq/transport/nio/AutoInitNioSSLTransport.java+7 0 modified
    @@ -30,6 +30,7 @@
     import javax.net.ssl.SSLContext;
     import javax.net.ssl.SSLEngine;
     import javax.net.ssl.SSLEngineResult;
    +import javax.net.ssl.SSLParameters;
     
     import org.apache.activemq.thread.TaskRunnerFactory;
     import org.apache.activemq.util.IOExceptionSupport;
    @@ -89,6 +90,12 @@ protected void initializeStreams() throws IOException {
                     sslEngine = sslContext.createSSLEngine();
                 }
     
    +            if (verifyHostName) {
    +                SSLParameters sslParams = new SSLParameters();
    +                sslParams.setEndpointIdentificationAlgorithm("HTTPS");
    +                sslEngine.setSSLParameters(sslParams);
    +            }
    +
                 sslEngine.setUseClientMode(false);
                 if (enabledCipherSuites != null) {
                     sslEngine.setEnabledCipherSuites(enabledCipherSuites);
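
Review bot: The added block builds a fresh `new SSLParameters()` and hands it to `sslEngine.setSSLParameters(...)`; that call also applies the need/want client-auth flags carried by the object, which are both false on a new instance, so the result is only correct as long as client authentication is configured after this point. Start from `sslEngine.getSSLParameters()`, set the endpoint identification algorithm on that object and set it back, so the call does not depend on ordering.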
    
  • activemq-client/src/main/java/org/apache/activemq/transport/nio/NIOSSLTransport.java+16 0 modified
    @@ -36,6 +36,7 @@
     import javax.net.ssl.SSLEngine;
     import javax.net.ssl.SSLEngineResult;
     import javax.net.ssl.SSLEngineResult.HandshakeStatus;
    +import javax.net.ssl.SSLParameters;
     import javax.net.ssl.SSLPeerUnverifiedException;
     import javax.net.ssl.SSLSession;
     
    @@ -56,6 +57,7 @@ public class NIOSSLTransport extends NIOTransport {
         protected boolean wantClientAuth;
         protected String[] enabledCipherSuites;
         protected String[] enabledProtocols;
    +    protected boolean verifyHostName = true;
     
         protected SSLContext sslContext;
         protected SSLEngine sslEngine;
    @@ -119,6 +121,12 @@ protected void initializeStreams() throws IOException {
                         sslEngine = sslContext.createSSLEngine();
                     }
     
    +                if (verifyHostName) {
    +                    SSLParameters sslParams = new SSLParameters();
    +                    sslParams.setEndpointIdentificationAlgorithm("HTTPS");
    +                    sslEngine.setSSLParameters(sslParams);
    +                }
    +
                     sslEngine.setUseClientMode(false);
                     if (enabledCipherSuites != null) {
                         sslEngine.setEnabledCipherSuites(enabledCipherSuites);
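
Review bot: The `verifyHostName` block sits directly above `sslEngine.setUseClientMode(false)`, so with the field defaulting to `true` (previous hunk) endpoint identification is switched on by default for server-mode engines, where it applies to the certificate a connecting client presents rather than to a broker certificate. Say so in a comment and in the option's documentation, and reconsider whether `true` is the right default for the accepting side.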
    @@ -543,4 +551,12 @@ public String[] getEnabledProtocols() {
         public void setEnabledProtocols(String[] enabledProtocols) {
             this.enabledProtocols = enabledProtocols;
         }
    +
    +    public boolean isVerifyHostName() {
    +        return verifyHostName;
    +    }
    +
    +    public void setVerifyHostName(boolean verifyHostName) {
    +        this.verifyHostName = verifyHostName;
    +    }
     }
    
  • activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransport.java+40 0 modified
    @@ -17,11 +17,14 @@
     package org.apache.activemq.transport.tcp;
     
     import java.io.IOException;
    +import java.net.Socket;
    +import java.net.SocketException;
     import java.net.URI;
     import java.net.UnknownHostException;
     import java.security.cert.X509Certificate;
     import java.util.HashMap;
     
    +import javax.net.ssl.SSLParameters;
     import javax.net.ssl.SSLPeerUnverifiedException;
     import javax.net.ssl.SSLSession;
     import javax.net.ssl.SSLSocket;
    @@ -43,6 +46,8 @@
      */
     public class SslTransport extends TcpTransport {
     
    +    private Boolean verifyHostName = null;
    +
         /**
          * Connect to a remote node such as a Broker.
          *
    @@ -73,6 +78,37 @@ public SslTransport(WireFormat wireFormat, SSLSocketFactory socketFactory, URI r
             }
         }
     
    +    @Override
    +    protected void initialiseSocket(Socket sock) throws SocketException, IllegalArgumentException {
    +        //This needs to default to null because this transport class is used for both a server transport
    +        //and a client connection and if we default it to a value it might override the transport server setting
    +        //that was configured inside TcpTransportServer
    +
    +        //The idea here is that if this is a server transport then verifyHostName will be set by the setter
    +        //below and not be null (if using transport.verifyHostName) but if a client uses socket.verifyHostName
    +        //then it will be null and we can check socketOptions
    +
    +        //Unfortunately we have to do this to stay consistent because every other SSL option on the client
    +        //side is configured using socket. but this particular option isn't actually part of the socket
    +        //so it makes it tricky
    +        if (verifyHostName == null) {
    +            if (socketOptions != null && socketOptions.containsKey("verifyHostName")) {
    +                verifyHostName = Boolean.parseBoolean(socketOptions.get("verifyHostName").toString());
    +                socketOptions.remove("verifyHostName");
    +            } else {
    +                verifyHostName = true;
    +            }
    +        }
    +
    +        if (verifyHostName) {
    +            SSLParameters sslParams = new SSLParameters();
    +            sslParams.setEndpointIdentificationAlgorithm("HTTPS");
    +            ((SSLSocket)this.socket).setSSLParameters(sslParams);
    +        }
    +
    +        super.initialiseSocket(sock);
    +    }
    +
         /**
          * Initialize from a ServerSocket. No access to needClientAuth is given
          * since it is already set within the provided socket.
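
Review bot: initialiseSocket receives `sock` but applies the parameters to `((SSLSocket)this.socket)`, so the setting lands on the field rather than on the socket being initialised, and the unchecked cast fails if that field is not an SSLSocket or is not yet assigned. Use `sock` behind an `instanceof SSLSocket` guard and build the parameters from the socket's existing `getSSLParameters()`. Also, `Boolean.parseBoolean(...)` on the `verifyHostName` option maps any value other than "true" to false, so a misspelled value silently disables verification; rejecting unrecognised values would be safer.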
    @@ -108,6 +144,10 @@ public void doConsume(Object command) {
             super.doConsume(command);
         }
     
    +    public void setVerifyHostName(Boolean verifyHostName) {
    +        this.verifyHostName = verifyHostName;
    +    }
    +
         /**
          * @return peer certificate chain associated with the ssl socket
          */
    
  • activemq-client/src/main/java/org/apache/activemq/transport/tcp/SslTransportServer.java+2 0 modified
    @@ -100,6 +100,7 @@ public void setWantClientAuth(boolean wantAuth) {
          *
          * @throws IOException passed up from TcpTransportServer.
          */
    +    @Override
         public void bind() throws IOException {
             super.bind();
             if (needClientAuth) {
    @@ -119,6 +120,7 @@ public void bind() throws IOException {
          * @return The newly return (SSL) Transport.
          * @throws IOException
          */
    +    @Override
         protected Transport createTransport(Socket socket, WireFormat format) throws IOException {
             return new SslTransport(format, (SSLSocket)socket);
         }
    
  • activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransport.java+2 1 modified
    @@ -133,7 +133,7 @@ public class TcpTransport extends TransportThreadSupport implements Transport, S
         protected final AtomicReference<CountDownLatch> stoppedLatch = new AtomicReference<CountDownLatch>();
         protected volatile int receiveCounter;
     
    -    private Map<String, Object> socketOptions;
    +    protected Map<String, Object> socketOptions;
         private int soLinger = Integer.MIN_VALUE;
         private Boolean keepAlive;
         private Boolean tcpNoDelay;
    @@ -751,6 +751,7 @@ private boolean setTrafficClass(Socket sock) throws SocketException,
             return true;
         }
     
    +    @Override
         public WireFormat getWireFormat() {
             return wireFormat;
         }
    
  • activemq-client/src/main/java/org/apache/activemq/transport/tcp/TcpTransportServer.java+13 0 modified
    @@ -40,6 +40,7 @@
     import java.util.concurrent.atomic.AtomicInteger;
     
     import javax.net.ServerSocketFactory;
    +import javax.net.ssl.SSLParameters;
     import javax.net.ssl.SSLServerSocket;
     
     import org.apache.activemq.Service;
    @@ -79,6 +80,7 @@ public class TcpTransportServer extends TransportServerThreadSupport implements
         protected int minmumWireFormatVersion;
         protected boolean useQueueForAccept = true;
         protected boolean allowLinkStealing;
    +    protected boolean verifyHostName = true;
     
         /**
          * trace=true -> the Transport stack where this TcpTransport object will be, will have a TransportLogger layer
    @@ -172,6 +174,16 @@ private void configureServerSocket(ServerSocket socket) throws SocketException {
                 //  see: https://issues.apache.org/jira/browse/AMQ-4582
                 //
                 if (socket instanceof SSLServerSocket) {
    +                if (transportOptions.containsKey("verifyHostName")) {
    +                    verifyHostName = Boolean.parseBoolean(transportOptions.get("verifyHostName").toString());
    +                }
    +
    +                if (verifyHostName) {
    +                    SSLParameters sslParams = new SSLParameters();
    +                    sslParams.setEndpointIdentificationAlgorithm("HTTPS");
    +                    ((SSLServerSocket)this.serverSocket).setSSLParameters(sslParams);
    +                }
    +
                     if (transportOptions.containsKey("enabledCipherSuites")) {
                         Object cipherSuites = transportOptions.remove("enabledCipherSuites");
     
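
Review bot: in `configureServerSocket` the `instanceof SSLServerSocket` check is made on the `socket` parameter, but the added code casts and configures `this.serverSocket`; use `socket` so that the object that was checked is the one being cast. Two further points in the same block: `new SSLParameters()` starts from an empty parameter set, so building from `((SSLServerSocket) socket).getSSLParameters()` would keep whatever is already configured on the socket and only add the endpoint identification algorithm; and `verifyHostName` is read with `transportOptions.get(...)` while `enabledCipherSuites` just below is consumed with `remove(...)`, so the option stays in the map for later processing. If that is intentional, a comment saying so would help.
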
    @@ -180,6 +192,7 @@ private void configureServerSocket(ServerSocket socket) throws SocketException {
                                 "Invalid transport options {enabledCipherSuites=%s}", cipherSuites));
                         }
                     }
    +
                 }
     
                 //AMQ-6599 - don't strip out set properties on the socket as we need to set them
    
  • activemq-mqtt/src/test/java/org/apache/activemq/transport/mqtt/auto/MQTTAutoSslAuthTest.java+1 1 modified
    @@ -55,7 +55,7 @@ public static Collection<Object[]> data() {
          */
         public MQTTAutoSslAuthTest(String protocol) {
             this.protocol = protocol;
    -        protocolConfig = "transport.needClientAuth=true";
    +        protocolConfig = "transport.needClientAuth=true&transport.verifyHostName=false&";
         }
     
         @Override
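
Review bot: the new `protocolConfig` value ends with a trailing `&` (`...transport.verifyHostName=false&`), which the old value did not have. Unless the code that builds the connector URI appends another option directly after it, this leaves an empty parameter at the end of the query string; drop the trailing `&`, or add a comment if the concatenation relies on it.
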
    
  • activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/auto/StompAutoSslAuthTest.java+1 1 modified
    @@ -102,7 +102,7 @@ protected Socket createSocket() throws IOException {
     
         @Override
         protected String getAdditionalConfig() {
    -        return "?transport.needClientAuth=true";
    +        return "?transport.needClientAuth=true&transport.verifyHostName=false";
         }
     
         @Override
    
  • activemq-stomp/src/test/java/org/apache/activemq/transport/stomp/StompSslAuthTest.java+3 3 modified
    @@ -54,13 +54,13 @@ protected Socket createSocket() throws IOException {
     
         @Override
         public void addOpenWireConnector() throws Exception {
    -        TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?needClientAuth=true");
    -        cf = new ActiveMQConnectionFactory(connector.getPublishableConnectString());
    +        TransportConnector connector = brokerService.addConnector("ssl://0.0.0.0:0?transport.needClientAuth=true&transport.verifyHostName=false");
    +        cf = new ActiveMQConnectionFactory(connector.getPublishableConnectString() + "?socket.verifyHostName=false");
         }
     
         @Override
         protected String getAdditionalConfig() {
    -        return "?needClientAuth=true";
    +        return "?needClientAuth=true&transport.verifyHostName=false";
         }
     
         // NOOP - These operations handled by jaas cert login module
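
Review bot: `addOpenWireConnector` now uses the prefixed `transport.needClientAuth=true`, but `getAdditionalConfig` still returns the unprefixed `needClientAuth=true` next to the prefixed `transport.verifyHostName=false`. If the prefix change was needed for the OpenWire connector, the same form should be used here, or the mix should be explained. Also, appending `"?socket.verifyHostName=false"` to `getPublishableConnectString()` assumes the published URI never carries a query string; the `contains("?")` check used in AutoTransportConnectionsTest in this same commit is the safer form.
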
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ4126Test.java+1 1 modified
    @@ -121,7 +121,7 @@ public void testStompNIOSSLWithCertificate() throws Exception {
     
         public void openwireConnectTo(String connectorName, String username, String password) throws Exception {
             URI brokerURI = broker.getConnectorByName(connectorName).getConnectUri();
    -        String uri = "ssl://" + brokerURI.getHost() + ":" + brokerURI.getPort();
    +        String uri = "ssl://" + brokerURI.getHost() + ":" + brokerURI.getPort() + "?socket.verifyHostName=false";
             ActiveMQSslConnectionFactory cf = new ActiveMQSslConnectionFactory(uri);
             cf.setTrustStore("org/apache/activemq/security/broker1.ks");
             cf.setTrustStorePassword("password");
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/bugs/AMQ6599Test.java+1 1 modified
    @@ -71,7 +71,7 @@ public void before() throws Exception {
             brokerService.setPersistent(false);
     
             TransportConnector connector = brokerService.addConnector(protocol +
    -                "://localhost:0?transport.soTimeout=3500");
    +                "://localhost:0?transport.soTimeout=3500&transport.verifyHostName=false");
             connector.setName("connector");
             uri = connector.getPublishableConnectString();
     
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/network/NetworkReconnectSslNioTest.java+2 2 modified
    @@ -47,14 +47,14 @@ public void testForceReconnect() throws Exception {
             remote.setSslContext(sslContext);
             remote.setUseJmx(false);
             remote.setPersistent(false);
    -        final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0");
    +        final TransportConnector transportConnector = remote.addConnector("nio+ssl://0.0.0.0:0?transport.verifyHostName=false");
             remote.start();
     
             BrokerService local = new BrokerService();
             local.setSslContext(sslContext);
             local.setUseJmx(false);
             local.setPersistent(false);
    -        final NetworkConnector networkConnector = local.addNetworkConnector("static:(" + remote.getTransportConnectorByScheme("nio+ssl").getPublishableConnectString().replace("nio+ssl", "ssl") + ")?useExponentialBackOff=false&initialReconnectDelay=10");
    +        final NetworkConnector networkConnector = local.addNetworkConnector("static:(" + remote.getTransportConnectorByScheme("nio+ssl").getPublishableConnectString().replace("nio+ssl", "ssl") + "?socket.verifyHostName=false" + ")?useExponentialBackOff=false&initialReconnectDelay=10");
             local.start();
     
             assertTrue("Bridge created", Wait.waitFor(new Wait.Condition() {
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoSslAuthTest.java+2 2 modified
    @@ -75,7 +75,7 @@ public void before() throws Exception {
             BrokerService brokerService = new BrokerService();
             brokerService.setPersistent(false);
     
    -        TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true");
    +        TransportConnector connector = brokerService.addConnector(protocol + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
             connector.setName("auto");
             uri = connector.getPublishableConnectString();
     
    @@ -126,7 +126,7 @@ public AutoSslAuthTest(String protocol) {
         @Test(timeout = 60000)
         public void testConnect() throws Exception {
             ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory();
    -        factory.setBrokerURL(uri);
    +        factory.setBrokerURL(uri + "?socket.verifyHostName=false");
     
             //Create 5 connections to make sure all are properly set
             for (int i = 0; i < 5; i++) {
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/auto/AutoTransportConnectionsTest.java+6 0 modified
    @@ -103,8 +103,14 @@ public void tearDown() throws Exception {
         }
     
         public void configureConnectorAndStart(String bindAddress) throws Exception {
    +        if (bindAddress.contains("ssl")) {
    +            bindAddress += bindAddress.contains("?") ? "&transport.verifyHostName=false" : "?transport.verifyHostName=false";
    +        }
             connector = service.addConnector(bindAddress);
             connectionUri = connector.getPublishableConnectString();
    +        if (connectionUri.contains("ssl")) {
    +            connectionUri += connectionUri.contains("?") ? "&socket.verifyHostName=false" : "?socket.verifyHostName=false";
    +        }
             service.start();
             service.waitUntilStarted();
         }
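
Review bot: `bindAddress.contains("ssl")` and `connectionUri.contains("ssl")` match the substring anywhere in the URI, including a host name or an option value, so a non-TLS connector could get `verifyHostName=false` appended. Checking the scheme (the part before `://`) would be more precise. The two near-identical ternaries could also share a small helper that appends an option with the right separator.
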
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLBasicTest.java+25 8 modified
    @@ -17,14 +17,14 @@
     package org.apache.activemq.transport.nio;
     
     import javax.jms.Connection;
    +import javax.jms.JMSException;
     import javax.jms.Message;
     import javax.jms.MessageConsumer;
     import javax.jms.MessageProducer;
     import javax.jms.Queue;
     import javax.jms.Session;
     import javax.jms.TextMessage;
    -
    -import junit.framework.TestCase;
    +import javax.net.ssl.SSLHandshakeException;
     
     import org.apache.activemq.ActiveMQConnectionFactory;
     import org.apache.activemq.broker.BrokerService;
    @@ -33,6 +33,8 @@
     import org.junit.Before;
     import org.junit.Test;
     
    +import junit.framework.TestCase;
    +
     public class NIOSSLBasicTest {
     
         public static final String KEYSTORE_TYPE = "jks";
    @@ -78,25 +80,40 @@ public void stopBroker(BrokerService broker) throws Exception {
     
         @Test
         public void basicConnector() throws Exception {
    -        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true");
    -        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
    +        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
    +        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
             stopBroker(broker);
         }
     
         @Test
         public void enabledCipherSuites() throws Exception {
    -        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
    -        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
    +        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256&transport.verifyHostName=false");
    +        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
             stopBroker(broker);
         }
     
         @Test
         public void enabledProtocols() throws Exception {
    -        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2");
    -        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
    +        BrokerService broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true&transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&transport.verifyHostName=false");
    +        basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort() + "?socket.verifyHostName=false");
             stopBroker(broker);
         }
     
    +    //Client/server is missing verifyHostName=false so it should fail as cert doesn't have right host name
    +    @Test(expected = Exception.class)
    +    public void verifyHostNameError() throws Exception {
    +        BrokerService broker = null;
    +        try {
    +            broker = createBroker("nio+ssl", getTransportType() + "://localhost:61616?transport.needClientAuth=true");
    +            basicSendReceive("ssl://localhost:" + broker.getConnectorByName("nio+ssl").getConnectUri().getPort());
    +        } finally {
    +            if (broker != null) {
    +                stopBroker(broker);
    +            }
    +        }
    +    }
    +
    +
         public void basicSendReceive(String uri) throws Exception {
             ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory(uri);
             Connection connection = factory.createConnection();
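
Review bot: `verifyHostNameError` is declared with `@Test(expected = Exception.class)`, so it passes on any failure, including the broker failing to bind the fixed port 61616 used in `createBroker(...)`, and not only on a rejected handshake. This commit imports `SSLHandshakeException` and `JMSException` in this file; catching the connection failure and asserting that its cause is the handshake error, and binding to port 0 as `basicConnector` does, would make the test prove what its comment claims. Separately, the `enabledCipherSuites` connector URI now carries `transport.verifyHostName=false` twice.
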
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLLoadTest.java+2 1 modified
    @@ -74,7 +74,7 @@ public void setUp() throws Exception {
             broker = new BrokerService();
             broker.setPersistent(false);
             broker.setUseJmx(false);
    -        connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_DH_anon_WITH_3DES_EDE_CBC_SHA");
    +        connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false&transport.enabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256");
             broker.start();
             broker.waitUntilStarted();
     
    @@ -113,6 +113,7 @@ public void testLoad() throws Exception {
             }
     
             Wait.waitFor(new Wait.Condition() {
    +            @Override
                 public boolean isSatisified() throws Exception {
                     return getReceived() == PRODUCER_COUNT * MESSAGE_COUNT;
                 }
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/nio/NIOSSLWindowSizeTest.java+10 10 modified
    @@ -30,11 +30,11 @@
     
     @SuppressWarnings("javadoc")
     public class NIOSSLWindowSizeTest extends TestCase {
    -	
    +
         BrokerService broker;
         Connection connection;
         Session session;
    -    
    +
         public static final String KEYSTORE_TYPE = "jks";
         public static final String PASSWORD = "password";
         public static final String SERVER_KEYSTORE = "src/test/resources/server.keystore";
    @@ -46,7 +46,7 @@ public class NIOSSLWindowSizeTest extends TestCase {
         public static final int MESSAGE_SIZE = 65536;
     
         byte[] messageData;
    -    
    +
         @Override
         protected void setUp() throws Exception {
             System.setProperty("javax.net.ssl.trustStore", TRUST_KEYSTORE);
    @@ -59,19 +59,19 @@ protected void setUp() throws Exception {
             broker = new BrokerService();
             broker.setPersistent(false);
             broker.setUseJmx(false);
    -        TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true");
    +        TransportConnector connector = broker.addConnector("nio+ssl://localhost:0?transport.needClientAuth=true&transport.verifyHostName=false");
             broker.start();
             broker.waitUntilStarted();
    -        
    +
             messageData = new byte[MESSAGE_SIZE];
             for (int i = 0; i < MESSAGE_SIZE;  i++)
             {
             	messageData[i] = (byte) (i & 0xff);
             }
    -        
    +
             ActiveMQConnectionFactory factory = new ActiveMQConnectionFactory("nio+ssl://localhost:" + connector.getConnectUri().getPort());
             connection = factory.createConnection();
    -        session = connection.createSession(false,  Session.AUTO_ACKNOWLEDGE);        
    +        session = connection.createSession(false,  Session.AUTO_ACKNOWLEDGE);
             connection.start();
         }
     
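
Review bot: the broker connector gets `transport.verifyHostName=false`, but the client URI a few lines below (`"nio+ssl://localhost:" + connector.getConnectUri().getPort()`) is left without `socket.verifyHostName=false`, unlike the client URIs in the other tests touched by this commit. If the test passes as written, please confirm whether that is because this certificate matches `localhost` or because the `nio+ssl` client path does not apply the new check; the second case would be a gap in the fix. The whitespace-only changes in this file would also be easier to review in a separate commit.
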
    @@ -100,14 +100,14 @@ public void testLargePayload() throws Exception {
             	prod.send(msg);
             } finally {
             	prod.close();
    -        }        
    +        }
         	MessageConsumer cons = null;
    -    	try 
    +    	try
         	{
         		cons = session.createConsumer(dest);
         		assertNotNull(cons.receive(30000L));
             } finally {
             	cons.close();
    -        }        
    +        }
         }
     }
    
  • activemq-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslTransportFactoryTest.java+8 0 modified
    @@ -33,10 +33,12 @@ public class SslTransportFactoryTest extends TestCase {
         private SslTransportFactory factory;
         private boolean verbose;
     
    +    @Override
         protected void setUp() throws Exception {
             factory = new SslTransportFactory();
         }
     
    +    @Override
         protected void tearDown() throws Exception {
             super.tearDown();
         }
    @@ -96,6 +98,12 @@ public void testCompositeConfigure() throws IOException {
                     // -1 since the option range is [-1,1], not [0,2].
                     optionSettings[j] = getMthNaryDigit(i, j, 3) - 1;
     
    +                //We now always set options to a default we default verifyHostName to true
    +                //so we setSSLParameters so make the not set value = 0
    +                if (optionSettings[j] == -1) {
    +                    optionSettings[j] = 0;
    +                }
    +
                     if (optionSettings[j] != -1) {
                         options.put(optionNames[j], optionSettings[j] == 1 ? "true" : "false");
                     }
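
Review bot: after the added block rewrites every `-1` to `0`, the existing `if (optionSettings[j] != -1)` directly below is always true, so the "option not set" branch of this combinatorial test is no longer exercised. Either remove the now-dead condition and say in the comment that the unset case is intentionally dropped, or keep the unset case and adjust the expected values to the new defaults. The added comment is also hard to parse ("We now always set options to a default we default verifyHostName to true") and could be reworded.
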
    
  • activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/InconsistentConnectorPropertiesBehaviour.xml+6 6 modified
    @@ -36,12 +36,12 @@
         </sslContext>
     
         <transportConnectors>
    -      <transportConnector name="stomp+ssl+special" uri="stomp+ssl://0.0.0.0:0?needClientAuth=true" />
    -      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" />
    -      <transportConnector name="stomp+nio+ssl+special" uri="stomp+nio+ssl://0.0.0.0:0?needClientAuth=true" />
    -      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
    -      <transportConnector name="mqtt+ssl" uri="mqtt+ssl://0.0.0.0:0?transport.needClientAuth=true" />
    -      <transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
    +      <transportConnector name="stomp+ssl+special" uri="stomp+ssl://0.0.0.0:0?needClientAuth=true&amp;transport.verifyHostName=false" />
    +      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
    +      <transportConnector name="stomp+nio+ssl+special" uri="stomp+nio+ssl://0.0.0.0:0?needClientAuth=true&amp;transport.verifyHostName=false" />
    +      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
    +      <transportConnector name="mqtt+ssl" uri="mqtt+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
    +      <transportConnector name="mqtt+nio+ssl" uri="mqtt+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
         </transportConnectors>
     
       </broker>
    
  • activemq-unit-tests/src/test/resources/org/apache/activemq/bugs/amq4126/JaasStompSSLBroker.xml+4 4 modified
    @@ -36,10 +36,10 @@
         </sslContext>
     
         <transportConnectors>
    -      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true" />
    -      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
    -      <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true" />
    -      <transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true" />
    +      <transportConnector name="stomp+ssl" uri="stomp+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
    +      <transportConnector name="stomp+nio+ssl" uri="stomp+nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
    +      <transportConnector name="openwire+ssl" uri="ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
    +      <transportConnector name="openwire+nio+ssl" uri="nio+ssl://0.0.0.0:0?transport.needClientAuth=true&amp;transport.verifyHostName=false" />
         </transportConnectors>
     
       </broker>
    
  • activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridgeNioSsl.xml+1 1 modified
    @@ -171,7 +171,7 @@
         </systemUsage>
     
         <transportConnectors>
    -        <transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true"/>
    +        <transportConnector name="openwire+nio-ssl-2" uri="nio+ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true&amp;transport.verifyHostName=false"/>
         </transportConnectors>
       </broker>
     </beans>
    
  • activemq-unit-tests/src/test/resources/org/apache/activemq/security/JaasDualAuthenticationNetworkBridge.xml+1 1 modified
    @@ -171,7 +171,7 @@
         </systemUsage>
     
         <transportConnectors>
    -        <transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true"/>
    +        <transportConnector name="openwire+ssl-2" uri="ssl://0.0.0.0:61626?transport.closeAsync=false&amp;transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;transport.needClientAuth=true&amp;transport.verifyHostName=false"/>
         </transportConnectors>
       </broker>
     </beans>
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
