vulnerability
Apache ActiveMQ: CVE-2016-0782: Improper Neutralization of Input During Web Page Generation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Aug 5, 2016 | Jan 9, 2024 | Mar 25, 2026 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Aug 5, 2016
Added
Jan 9, 2024
Modified
Mar 25, 2026
Description
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.
Solution
apache-activemq-upgrade-latest
References
- CWE-79
- CVE-2016-0782
- https://attackerkb.com/topics/CVE-2016-0782
- http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
- http://packetstormsecurity.com/files/136215/Apache-ActiveMQ-5.13.0-Cross-Site-Scripting.html
- http://www.securityfocus.com/archive/1/537760/100/0/threaded
- http://www.securitytracker.com/id/1035328
- https://access.redhat.com/errata/RHSA-2016:1424
- https://bugzilla.redhat.com/show_bug.cgi?id=1317516
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-3227
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.