Description

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Remediation

References

http://activemq.apache.org/activemq-531-release.html

http://secunia.com/advisories/39223

https://exchange.xforce.ibmcloud.com/vulnerabilities/57398

https://issues.apache.org/activemq/browse/AMQ-2613

https://issues.apache.org/activemq/browse/AMQ-2625

Related Vulnerabilities

CVE-2020-1938 Vulnerability in maven package org.apache.tomcat:coyote

CVE-2015-8859 Vulnerability in npm package send

CVE-2020-7608 Vulnerability in maven package org.webjars.npm:yargs-parser

CVE-2017-1000421 Vulnerability in npm package gifsicle

CVE-2023-36480 Vulnerability in maven package com.aerospike:aerospike-client

Severity

Critical

Classification

CWE-352

Tags

Patch Vendor Advisory Exploit