Summary
This host is installed with Apache ActiveMQ and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Solution
Upgrade to version 5.9.0 or later.
For updates, refer to http://activemq.apache.org
Insight
The flaw is due to improper validation of the command in a user crontab file upon processing by the scheduled.jsp script.
Affected
Apache ActiveMQ 5.8.0 and prior
Detection
Send a crafted HTTP POST request and check whether it is able to read the cookie.
References
Severity
Classification
- CVE: CVE-2013-1879
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- @Mail 'MailType' Parameter Cross Site Scripting Vulnerability
- Adobe ColdFusion HTTP Response Splitting Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities