Red Hat Bugzilla – Bug 1249183
CVE-2015-5184 A-MQ Console: CORS headers set to allow all
Last modified: 2015-12-06 11:55:04 EST
It was found that A-MQ's Hawtio console setting for the Access-Control-Allow-Origin header permits unrestricted sharing. An attacker could use this flaw to access sensitive information or perform other attacks.
Red Hat would like to thank Naftali Rosenbaum of Comsec Consulting for reporting this issue.