Apache ActiveMQ is installed on this host and is prone to multiple vulnerabilities.
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, obtain sensitive information, or cause a denial of service.
Impact Level: Application
Upgrade to version 5.8.0 or later. For updates, refer to http://activemq.apache.org
- Improper sanitization of user-supplied input to the webapp/websocket/chat.js and PortfolioPublishServlet.java scripts via the 'refresh' and 'subscribe message' parameters.
- The web console does not require any form of authentication for access.
- Improper sanitization of HTTP requests by the sample web applications in the out-of-the-box broker when it is enabled.
Apache ActiveMQ before 5.8.0
Updated on 2017-03-28
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability