Description

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Remediation

References

http://activemq.apache.org/activemq-531-release.html

http://secunia.com/advisories/39223

https://exchange.xforce.ibmcloud.com/vulnerabilities/57398

https://issues.apache.org/activemq/browse/AMQ-2613

https://issues.apache.org/activemq/browse/AMQ-2625

Related Vulnerabilities

CVE-2022-43401 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2021-21306 Vulnerability in npm package marked

CVE-2023-46233 Vulnerability in maven package org.webjars.npm:github-com-brix-crypto-js

CVE-2021-45105 Vulnerability in maven package org.apache.logging.log4j:log4j-core

CVE-2023-46115 Vulnerability in npm package @tauri-apps/cli

Severity

Critical

Classification

CWE-352

Tags

Patch Vendor Advisory Exploit