Details of VAR-201004-0510

ID

VAR-201004-0510

TITLE

Apache ActiveMQ 'admin/queueBrowse' cross-site scripting vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-0737

DESCRIPTION

Apache ActiveMQ is an open source messaging bus that supports the JMS Provider implementation of the JMS 1.1 and J2EE 1.4 specifications. The Apache ActiveMQ 'admin/queueBrowse' script does not properly filter input submitted by the user to the \"feedType\" variable. Successful exploitation of the vulnerability can steal COOKIE information such as for authentication, or obtain or modify sensitive data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ActiveMQ 5.3.0 and 5.3.1 are affected; other versions may also be vulnerable

Trust: 0.81

sources: CNVD: CNVD-2010-0737 // BID: 39771

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-0737

AFFECTED PRODUCTS

vendor:	apache	model:	software foundation apache activemq	scope:	eq	version:	5.3	Trust: 0.6
vendor:	apache	model:	software foundation apache activemq	scope:	eq	version:	5.3.1	Trust: 0.6
vendor:	apache	model:	activemq	scope:	eq	version:	5.3.1	Trust: 0.3
vendor:	apache	model:	activemq	scope:	eq	version:	5.3	Trust: 0.3
vendor:	apache	model:	activemq snapshot	scope:	ne	version:	5.4	Trust: 0.3

sources: CNVD: CNVD-2010-0737 // BID: 39771

THREAT TYPE

network

Trust: 0.3

sources: BID: 39771

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 39771

PATCH

title:

Apache ActiveMQ 'admin/queueBrowse' cross-site scripting patch

url:

https://www.cnvd.org.cn/patchinfo/show/352

Trust: 0.6

sources: CNVD: CNVD-2010-0737

EXTERNAL IDS

db:	BID	id:	39771	Trust: 0.9
db:	CNVD	id:	CNVD-2010-0737	Trust: 0.6

sources: CNVD: CNVD-2010-0737 // BID: 39771

REFERENCES

url:	https://issues.apache.org/activemq/browse/amq-2714	Trust: 0.9
url:	http://activemq.apache.org/	Trust: 0.3

sources: CNVD: CNVD-2010-0737 // BID: 39771

CREDITS

arun kethipelly

Trust: 0.3

sources: BID: 39771

SOURCES

db:	CNVD	id:	CNVD-2010-0737
db:	BID	id:	39771

LAST UPDATE DATE

2022-05-17T01:38:38.343000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-0737	date:	2010-04-30T00:00:00
db:	BID	id:	39771	date:	2010-04-28T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-0737	date:	2010-04-30T00:00:00
db:	BID	id:	39771	date:	2010-04-28T00:00:00