SB2018011031 - Cross-site scripting in ActiveMQ
Published: January 10, 2018 Updated: July 17, 2020
Description
This security bulletin contains information about 1 security vulnerability.
1) Cross-site scripting (CVE-ID: CVE-2016-6810)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Apache ActiveMQ 5.x before 5.14.2 contains a cross-site scripting vulnerability in the web-based administration console. The root cause is improper validation of user-supplied data on output.
Remediation
Install the update from the vendor's website.
References
- http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt
- http://www.securityfocus.com/bid/94882
- http://www.securitytracker.com/id/1037475
- https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc@%3Cusers.activemq.apache.org%3E
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E