Chapter 6. Fixed Common Vulnerabilities and Exposures

This section details Common Vulnerabilities and Exposures (CVEs) fixed in the AMQ Broker 7.8 release.

  • ENTMQBR-3755 - CVE-2020-13932 - mqtt-client: activemq: remote XSS in web console diagram plugin [amq-7]
  • ENTMQBR-3382 - CVE-2015-5183 Hawtio: HTTPOnly and Secure attributes not set on cookies [amq-7]
  • ENTMQBR-4037 - CVE-2019-12749 - DBusServer DBUS_COOKIE_SHA1 authentication bypass
  • ENTMQBR-4068 - CVE-2019-9827 - hawtio: server side request forgery via initial /proxy/ substring of a URI [amq-7.7.0]
  • ENTMQBR-4158 - CVE-2020-27216 - jetty: local temporary directory hijacking vulnerability [amq-7]