Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Apache ActiveMQ and is prone to cross-site scripting and cross-site request forgery vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to the latest version of ActiveMQ 5.3.1 or later, For updates refer to http://activemq.apache.org

Insight

The flaw is caused by improper validation of user-supplied input via the 'JMSDestination' parameter to createDestination.action that allows the attackers to insert arbitrary HTML and script code.

Affected

Apache ActiveMQ 5.3 and prior.

References

http://secunia.com/advisories/39223
http://www.rajatswarup.com/CVE-2010-0684.txt
http://xforce.iss.net/xforce/xfdb/57398
https://issues.apache.org/activemq/browse/AMQ-2625

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0684, CVE-2010-1244

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe JRun Management Console Multiple Vulnerabilities
APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
Apache Tiles Multiple XSS Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Apache Solr Directory Traversal Vulnerability Jan-14

Take action and discover your vulnerabilities