Activemq
CVE-2018-8006
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1Blast Radius
ecosystem impact- 6 maven packages depend on org.apache.activemq:activemq-web-console (2 direct, 4 indirect)
Ecosystem-wide dependent count for version 5.0.0.
DescriptionNVD
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.
AnalysisAI
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. Affected products include: Apache Activemq.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remot
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. Rated critical severity (CVSS 9.8), this v
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote att
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.9), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerabi
XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerabi
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today