This host is running Apache ActiveMQ and is prone to cross-site scripting and cross-site request forgery vulnerabilities.
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Impact Level: Application
Upgrade to the latest version of ActiveMQ 5.3.1 or later, For updates refer to http://activemq.apache.org
The flaw is caused by improper validation of user-supplied input via the 'JMSDestination' parameter to createDestination.action that allows the attackers to insert arbitrary HTML and script code.
Apache ActiveMQ 5.3 and prior.
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Archiva Multiple Vulnerabilities
- Apache Solr Directory Traversal Vulnerability Jan-14
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability