Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Apache ActiveMQ and is prone to cross-site scripting and cross-site request forgery vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to the latest version of ActiveMQ 5.3.1 or later, For updates refer to http://activemq.apache.org

Insight

The flaw is caused by improper validation of user-supplied input via the 'JMSDestination' parameter to createDestination.action that allows the attackers to insert arbitrary HTML and script code.

Affected

Apache ActiveMQ 5.3 and prior.

References

http://secunia.com/advisories/39223
http://www.rajatswarup.com/CVE-2010-0684.txt
http://xforce.iss.net/xforce/xfdb/57398
https://issues.apache.org/activemq/browse/AMQ-2625

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0684, CVE-2010-1244
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Tomcat DOS Device Name XSS
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities

Take action and discover your vulnerabilities