FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

activemq -- Web Console Cross-Site Scripting

Affected packages
activemq < 5.13.1

Details

VuXML ID a6cc5753-f29e-11e5-b4a9-ac220bdcec59
Discovery 2016-03-10
Entry 2016-03-25

Vladimir Ivanov (Positive Technologies) reports:

Several instances of cross-site scripting vulnerabilities were identified to be present in the web-based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root causes of these issues are improper user data output validation and incorrect permissions configured on Jolokia.

References

CVE Name CVE-2016-0782
URL http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt