PT-2016-1672 · Apache · Apache Activemq
Christopher Shannon · Published 2016-04-07 · Updated 2022-05-14 · CVE-2016-0734
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache ActiveMQ versions 5.x before 5.13.2
Description
The web-based administration console in Apache ActiveMQ does not send an X-Frame-Options HTTP header. This makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a FRAME or IFRAME element. Exploitation may allow a remote attacker to place malicious elements on a page and force a user to activate them through specially crafted web pages.
Recommendations
For Apache ActiveMQ versions 5.x before 5.13.2, update to version 5.13.2 or later to resolve the issue.
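As an added example (not part of this advisory or of ActiveMQ's code), the Python check below classifies a response's headers by whether they restrict framing. It covers the X-Frame-Options header named in the description and, as a generalization, the CSP frame-ancestors directive; the function name and the sample header sets are constructed for illustration.

```python
def framing_protection(headers):
    """headers: list of (name, value) pairs from one HTTP response.
    Returns (ok, reason); ok is False when the response should be flagged."""
    broad = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            tokens = directive.split()
            if not tokens or tokens[0].lower() != "frame-ancestors":
                continue
            sources = [t.lower() for t in tokens[1:]]
            wide = [s for s in sources if s in ("*", "http:", "https:")]
            if not wide:
                # An empty source list behaves like 'none'.
                return True, "frame-ancestors " + (" ".join(sources) or "'none'")
            broad.extend(wide)
            break  # only the first frame-ancestors in a policy counts
    if broad:
        # Browsers that honour frame-ancestors ignore X-Frame-Options here.
        return False, "frame-ancestors too broad: " + " ".join(broad)

    values = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":
            values.update(v.strip().upper() for v in value.split(",") if v.strip())
    if not values:
        return False, "no X-Frame-Options or frame-ancestors"
    if values in ({"DENY"}, {"SAMEORIGIN"}):
        return True, "X-Frame-Options " + values.pop()
    # ALLOW-FROM (obsolete), typos and conflicting values are findings to fix.
    return False, "X-Frame-Options needs review: " + ", ".join(sorted(values))


# Constructed sample responses (header lists only), not captured traffic.
SAMPLES = {
    "no_header": [("Content-Type", "text/html")],
    "sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "allow_from": [("X-Frame-Options", "ALLOW-FROM https://example.test")],
    "csp_none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "csp_wild": [("X-Frame-Options", "DENY"),
                 ("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        ok, reason = framing_protection(hdrs)
        print(f"{label:12} {'OK  ' if ok else 'FLAG'} {reason}")
```

Feed it the headers of the admin console's response before and after the update to confirm that a framing restriction is now present.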
Fix
XSS
Related identifiers
Affected products
Apache Activemq