vulnerability
Apache ActiveMQ: CVE-2016-0734: ActiveMQ Web Console - Clickjacking
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Apr 7, 2016 | Jan 9, 2024 | Jul 15, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Apr 7, 2016
Added
Jan 9, 2024
Modified
Jul 15, 2025
Description
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
Solution
apache-activemq-upgrade-latest
References
- CVE-2016-0734
- https://attackerkb.com/topics/CVE-2016-0734
- URL-http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt
- URL-http://www.openwall.com/lists/oss-security/2016/03/10/11
- URL-http://www.securityfocus.com/bid/84321
- URL-http://www.securitytracker.com/id/1035327
- URL-https://access.redhat.com/errata/RHSA-2016:1424
- URL-https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.