Summary
This host is installed with Apache ActiveMQ and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Solution
Upgrade to version 5.9.0 or later.
For updates, refer to http://activemq.apache.org
Insight
The flaw is due to improper validation of the command in a user crontab file upon processing by the scheduled.jsp script.
Affected
Apache ActiveMQ 5.8.0 and prior
Detection
Send a crafted HTTP POST request and check whether it is able to read the cookie.
References
Severity
Classification
- CVE: CVE-2013-1879
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Related Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Apache Tomcat Directory Listing and File disclosure
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Apache Struts2 showcase namespace XSS Vulnerability