PT-2018-18376 · Apache · Apache Activemq
Published
2018-10-10
·
Updated
2021-02-14
·
CVE-2018-8006
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Apache ActiveMQ versions 5.0.0 through 5.15.5
Description:
A cross-site scripting issue was found in the web-based administration console, specifically on the queue.jsp page. The root cause is improper data filtering of the
QueueFilter parameter.Recommendations:
For Apache ActiveMQ versions 5.0.0 through 5.15.5, consider disabling access to the queue.jsp page until a patch is available. Restrict input for the
QueueFilter parameter to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Activemq