TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
{ "nvd_published_at": "2018-09-10T20:29:00Z", "cwe_ids": [ "CWE-295" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:45:46Z" }