PT-2020-3257 · Apache · Apache ActiveMQ

Published: 2020-05-14 · Updated: 2024-03-06 · CVE-2020-1941

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache ActiveMQ versions 5.0.0 through 5.15.11

Description

The webconsole admin GUI of Apache ActiveMQ does not sanitize input data, which makes it susceptible to cross-site scripting (XSS) attacks. Specifically, the view that lists the contents of a queue is vulnerable. A remote attacker could use this to perform cross-site scripting attacks.

Recommendations

For Apache ActiveMQ versions 5.0.0 through 5.15.11, consider disabling the webconsole admin GUI or restricting access to it until a patch is available. As a temporary workaround, avoid using the queue contents view in the webconsole admin GUI to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2020-03565
BIT-ACTIVEMQ-2020-1941
CVE-2020-1941
GHSA-CC94-3V9C-7RM8

Affected Products

Apache ActiveMQ