
List:       oss-security
Subject:    [oss-security] CVE-2015-3208 hornetq: XXE/SSRF in XPath selector
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2015-07-24 4:28:32
Message-ID: 55B1BEF0.30002 () redhat ! com


CVE-2015-3208 hornetq: XXE/SSRF in XPath selector

Discovered by David Jorm

TL;DR: An XXE vulnerability was reported in the XPath component of HornetQ.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3208

This patch fixes it:

https://github.com/apache/activemq-artemis/commit/48d9951d879e0c8cbb59d4b64ab59d53ef88310d

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

