Description

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Remediation

References

http://activemq.apache.org/activemq-531-release.html

http://secunia.com/advisories/39223

https://exchange.xforce.ibmcloud.com/vulnerabilities/57398

https://issues.apache.org/activemq/browse/AMQ-2613

https://issues.apache.org/activemq/browse/AMQ-2625

Related Vulnerabilities

CVE-2022-39299 Vulnerability in npm package node-saml

CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-management

CVE-2022-45921 Vulnerability in maven package io.fusionauth:fusionauth-java-client

CVE-2023-2850 Vulnerability in npm package nodebb

CVE-2022-27166 Vulnerability in maven package org.apache.jspwiki:jspwiki-war

Severity

Critical

Classification

CWE-352

Tags

Patch Vendor Advisory Exploit