Description
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
It was found that the JBoss A-MQ console would accept a string containing JavaScript as the name of a new message queue. Execution of the UI would subsequently execute the script. An attacker could use this flaw to access sensitive information or perform other attacks.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | amq-6 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-6 | Affected | | |
| Red Hat JBoss A-MQ 6.2 | | Fixed | RHSA-2015:2557 | 07.12.2015 |
| Red Hat JBoss Fuse 6.2 | | Fixed | RHSA-2015:2556 | 07.12.2015 |
Additional information
Status:
Moderate
Defect:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1248804 Console: script injection into queue name
3.5 Low
CVSS2
Related vulnerabilities
CVSS3: 5.4
nvd
more than 8 years ago
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
CVSS3: 5.4
github
more than 3 years ago
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.