Christopher Shannon

**Name of the Vulnerable Software and Affected Versions** Apache ActiveMQ versions 5.x before 5.13.2 **Description** The issue is related to the web-based administration console in Apache ActiveMQ, which does not send an X-Frame-Options HTTP header. This makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a FRAME or IFRAME element. The exploitation of this issue may allow a remote attacker to place malicious elements on a page and force a user to activate them using specially formed web pages. **Recommendations** For Apache ActiveMQ versions 5.x before 5.13.2, update to version 5.13.2 or later to resolve the issue.