Description

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Remediation

References

http://activemq.apache.org/activemq-531-release.html

http://secunia.com/advisories/39223

https://exchange.xforce.ibmcloud.com/vulnerabilities/57398

https://issues.apache.org/activemq/browse/AMQ-2613

https://issues.apache.org/activemq/browse/AMQ-2625

Related Vulnerabilities

CVE-2021-23383 Vulnerability in maven package org.webjars.npm:handlebars

CVE-2023-29566 Vulnerability in npm package dawnsparks-node-tesseract

CVE-2017-5954 Vulnerability in npm package serialize-to-js

CVE-2020-19850 Vulnerability in npm package directus

CVE-2023-25158 Vulnerability in maven package org.geotools:gt-jdbc

Severity

Critical

Classification

CWE-352

Tags

Patch Vendor Advisory Exploit