PT-2015-3324 · Red Hat+1 · Red Hat Amq+1

Colm O Heigeartaigh

Published 2015-07-31 · Updated 2021-01-05 · CVE-2015-5184

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Red Hat AMQ (affected versions not specified)
Apache ActiveMQ (affected versions not specified)

Description

The issue is caused by errors in the security settings of the Hawtio web console in Apache ActiveMQ, which result in the CORS headers being set to allow all in Red Hat AMQ. A remote attacker could potentially use this to obtain confidential information or exert other influence.

Recommendations

For Red Hat AMQ, consider restricting access to the web console until a fix is available. For Apache ActiveMQ, restrict access to the Hawtio web console to minimize the risk of exploitation. As a temporary workaround, consider disabling the CORS headers setting on the affected systems until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2017-02345
CVE-2015-5184

Affected Products

Apache ActiveMQ
Red Hat AMQ