FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2016-0782

This CVE name corresponds to:

Entered: 2016-03-25
Topic: activemq -- Web Console Cross-Site Scripting

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2016-0782
Phase: Assigned (20151216)

Description

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.

References

Source Reference
BUGTRAQ 20160310 [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting
MISC http://packetstormsecurity.com/files/136215/Apache-ActiveMQ-5.13.0-Cross-Site-Scripting.html
CONFIRM http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1317516