Description

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Remediation

References

http://secunia.com/advisories/39223

http://activemq.apache.org/activemq-531-release.html

https://issues.apache.org/activemq/browse/AMQ-2625

https://issues.apache.org/activemq/browse/AMQ-2613

https://exchange.xforce.ibmcloud.com/vulnerabilities/57398

Related Vulnerabilities

CVE-2016-8741 Vulnerability in maven package org.apache.qpid:qpid-broker-core

CVE-2023-30609 Vulnerability in npm package matrix-react-sdk

CVE-2021-31412 Vulnerability in maven package com.vaadin:flow-server

CVE-2017-9787 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2018-6873 Vulnerability in npm package auth0-js

Severity

Critical

Classification

CWE-352

Tags

Vendor Advisory Patch Exploit