Description
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.
It was found that the Apache ActiveMQ administration web console did not validate input correctly when creating a queue. An authenticated attacker could exploit this flaw via cross-site scripting and use it to access sensitive information or conduct further attacks.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss A-MQ 6 | activemq | Affected | | |
| Red Hat JBoss Fuse 6 | activemq | Not affected | | |
| Red Hat JBoss Fuse Service Works 6.0.0 | activemq | Will not fix | | |
| Red Hat JBoss Fuse Service Works 6.2.1 | activemq | Not affected | | |
| Red Hat OpenShift Enterprise 2 | activemq | Affected | | |
| Red Hat JBoss A-MQ 6.2 | | Fixed | RHSA-2016:1424 | 13.07.2016 |
| Red Hat JBoss Fuse 6.2 | | Fixed | RHSA-2016:1424 | 13.07.2016 |
Additional information
Status:
CVSS3: 4.2 Medium
CVSS2: 3.5 Low
Related vulnerabilities
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ