cvedb.io
CVE-2018-11775
HIGH · CVSS 7.4
EPSS exploitation probability: 0%
Published 2018-09-10T20:29:00.223 · Last modified 2026-06-17T01:36:34.157

Summary

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.

Affected products

apache — activemq

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.