Description

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Remediation

References

http://activemq.apache.org/activemq-531-release.html

http://secunia.com/advisories/39223

https://exchange.xforce.ibmcloud.com/vulnerabilities/57398

https://issues.apache.org/activemq/browse/AMQ-2613

https://issues.apache.org/activemq/browse/AMQ-2625

Related Vulnerabilities

CVE-2021-27191 Vulnerability in npm package get-ip-range

CVE-2014-3416 Vulnerability in maven package org.jasig.portal:uportal-war

CVE-2023-35156 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-skin-resources

CVE-2023-34238 Vulnerability in npm package gatsby-transformer-remark

CVE-2023-26470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

Severity

Critical

Classification

CWE-352

Tags

Patch Vendor Advisory Exploit