vulnerability
Apache ActiveMQ: CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Aug 5, 2016 | Jan 9, 2024 | Jan 20, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Aug 5, 2016
Added
Jan 9, 2024
Modified
Jan 20, 2025
Description
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.
Solution
apache-activemq-upgrade-latest
References
- CVE-2016-0782
- https://attackerkb.com/topics/CVE-2016-0782
- URL-http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
- URL-http://packetstormsecurity.com/files/136215/Apache-ActiveMQ-5.13.0-Cross-Site-Scripting.html
- URL-http://www.securityfocus.com/archive/1/537760/100/0/threaded
- URL-http://www.securitytracker.com/id/1035328
- URL-https://access.redhat.com/errata/RHSA-2016:1424
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1317516
- URL-https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.