Bug 580889 (CVE-2010-1244)

Summary: CVE-2010-1244 ActiveMQ: CSRF in createDestination
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: djorm, ldimaggi
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1244
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-01-04 03:20:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Lieskovsky 2010-04-09 10:58:08 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1244 to
the following vulnerability:

Cross-site request forgery (CSRF) vulnerability in
createDestination.action in Apache ActiveMQ before 5.3.1 allows remote
attackers to hijack the authentication of unspecified victims for
requests that create queues via the JMSDestination parameter in a
queue action.

References:
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1244
  [2] http://activemq.apache.org/activemq-531-release.html
  [3] https://issues.apache.org/activemq/browse/AMQ-2613
  [4] https://issues.apache.org/activemq/browse/AMQ-2625
  [5] http://secunia.com/advisories/39223
  [6] http://xforce.iss.net/xforce/xfdb/57398
Comment 1 David Jorm 2012-01-04 03:20:42 UTC 
Statement:

Not vulnerable. Apache ActiveMQ is not shipped with any supported Red Hat products.