FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

activemq -- Web Console Cross-Site Scripting

Affected packages
activemq < 5.13.1


VuXML ID a6cc5753-f29e-11e5-b4a9-ac220bdcec59
Discovery 2016-03-10
Entry 2016-03-25

Vladimir Ivanov (Positive Technologies) reports:

Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues are improper user data output validation and incorrect permissions configured on Jolokia.


CVE Name CVE-2016-0782