Apache » Activemq : Security Vulnerabilities, CVEs, Published In 2010

CVE-2010-1587

Public exploit
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
Max CVSS
5.0
EPSS Score
59.73%
Published
2010-04-28
Updated
2018-10-10

CVE-2010-1244

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
Max CVSS
6.8
EPSS Score
0.12%
Published
2010-04-05
Updated
2017-08-17

CVE-2010-0684

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
Max CVSS
3.5
EPSS Score
0.18%
Published
2010-04-05
Updated
2018-10-10
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close