FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

activemq -- Web Console Clickjacking

Affected packages
activemq < 5.13.2

Details

VuXML ID 950b2d60-f2a9-11e5-b4a9-ac220bdcec59
Discovery 2016-03-10
Entry 2016-03-25

Michael Furman reports:

The web-based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console.
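To confirm that an upgraded or reverse-proxied console now sends an anti-framing header, the check below classifies a response's headers. It is an added example, not part of the VuXML entry or the ActiveMQ advisory. It also covers the CSP `frame-ancestors` directive, which the report does not mention, and the function name and sample headers are constructed for illustration.

```python
def framing_protection(headers):
    """headers: list of (name, value) pairs from one HTTP response.
    Returns (protected, reason). Hypothetical helper, not ActiveMQ code."""
    fa_seen = False
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for policy in value.split(","):          # one header may carry several policies
            for directive in policy.split(";"):
                parts = directive.split()
                if not parts or parts[0].lower() != "frame-ancestors":
                    continue
                fa_seen = True
                # An empty source list behaves like 'none'.
                sources = [s.lower() for s in parts[1:]] or ["'none'"]
                if not any(s in ("*", "http:", "https:") for s in sources):
                    return True, "csp frame-ancestors " + " ".join(sources)
                break                            # first frame-ancestors in a policy wins
    if fa_seen:
        # Browsers ignore X-Frame-Options once frame-ancestors is present.
        return False, "csp frame-ancestors allows any origin"

    xfo = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":
            xfo.update(t.strip().upper() for t in value.split(","))
    xfo.discard("")
    if "DENY" in xfo:
        return True, "x-frame-options DENY"
    if "SAMEORIGIN" in xfo:
        return True, "x-frame-options SAMEORIGIN"
    if xfo:
        # e.g. the obsolete ALLOW-FROM, which current browsers do not honour
        return False, "x-frame-options value not honoured: " + ", ".join(sorted(xfo))
    return False, "no anti-framing header"


# Constructed sample responses (not captured from a real console).
UNPATCHED = [("Content-Type", "text/html"), ("Cache-Control", "no-cache")]
PATCHED = [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")]

if __name__ == "__main__":
    for label, hdrs in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, framing_protection(hdrs))
```

Feed it the header list from a request to the console's login page, for instance `list(response.headers.items())` from an HTTP client.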

References

CVE Name CVE-2016-0734
URL http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt