Описание
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-8110
- https://github.com/apache/activemq/commit/994d9b26
- https://github.com/apache/activemq/commit/f8b3de86d8154db5680433e46734b2bd9ced852b
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100724
- https://issues.apache.org/jira/browse/AMQ-5033
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
- https://web.archive.org/web/20161110092459/http://secunia.com/advisories/62649
- https://web.archive.org/web/20200228044455/http://www.securityfocus.com/bid/72511
- http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt
- http://seclists.org/oss-sec/2015/q1/427
Пакеты
org.apache.activemq:activemq-client
>= 5.0.0, < 5.10.1
5.10.1
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Multiple cross-site scripting (XSS) vulnerabilities in the web based a ...