#VU31366 Cross-site scripting in ActiveMQ
Vulnerability identifier: #VU31366
Vulnerability risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-79
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
ActiveMQ
Server applications /
Mail servers
Vendor: Apache Foundation
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
ActiveMQ: 5.0.0, 5.1.0, 5.2 - 5.2.0, 5.3.0 - 5.3.2, 5.4.0 - 5.4.3, 5.5.0 - 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0 - 5.9.1, 5.10.0 - 5.10.2, 5.11.0 - 5.11.4, 5.12.0 - 5.12.3, 5.13.0 - 5.13.5, 5.14.0 - 5.14.1
External links
http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt
http://www.securityfocus.com/bid/94882
http://www.securitytracker.com/id/1037475
http://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc@%3Cusers.activemq.apache.org%3E
http://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
