Page 7 of 33 results (0.003 seconds)

CVSS: 5.0EPSS: 57%CPEs: 6EXPL: 2

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp. Jetty ResourceHandler en Apache ActiveMQ v5.x anteriores v5.3.2 v5.4.x anterior 5.4.0 premite a atacantes remotos leer código fuente JSP a través de los caracteres // (barra barra) iniciando la subcadena en la URI para (1) admin/index.jsp, (2) admin/queues.jsp, o (3) admin/topics.jsp. • https://www.exploit-db.com/exploits/33868 http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0278.html http://secunia.com/advisories/39567 http://www.osvdb.org/64020 http://www.securityfocus.com/archive/1/510896/100/0/threaded http://www.securityfocus.com/bid/39636 http://www.vupen.com/english/advisories/2010/0979 https://issues.apache.org/activemq/browse/AMQ-2700 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 2

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en createDestination.action en Apache ActiveMQ anteriores a v5.3.1, permite a atacantes remotos secuestrar la autenticación de víctimas sin identificar que para peticiones que crea colas a través del parámetro JMSDestination en una acción queue. • http://activemq.apache.org/activemq-531-release.html http://secunia.com/advisories/39223 https://exchange.xforce.ibmcloud.com/vulnerabilities/57398 https://issues.apache.org/activemq/browse/AMQ-2613 https://issues.apache.org/activemq/browse/AMQ-2625 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 3.5EPSS: 0%CPEs: 23EXPL: 4

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en createDestination.action en Apache ActiveMQ anteriores a v5.3.1, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del parámetro JMSDestination en una acción queue. • http://activemq.apache.org/activemq-531-release.html http://secunia.com/advisories/39223 http://securitytracker.com/id?1023778 http://www.rajatswarup.com/CVE-2010-0684.txt http://www.securityfocus.com/archive/1/510419/100/0/threaded http://www.securityfocus.com/bid/39119 https://exchange.xforce.ibmcloud.com/vulnerabilities/57397 https://issues.apache.org/activemq/browse/AMQ-2613 https://issues.apache.org/activemq/browse/AMQ-2625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •