Bug 955906 (CVE-2012-6092) - CVE-2012-6092 activemq: Multiple XSS flaws in web demos
Summary: CVE-2012-6092 activemq: Multiple XSS flaws in web demos
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-6092
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 955433 958349
Reported: 2013-04-24 04:21 UTC by Arun Babu Neelicattu
Modified: 2019-09-29 13:03 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-09-02 23:47:33 UTC
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2013:1029 | 0 | normal | SHIPPED_LIVE | Important: Fuse MQ Enterprise 7.1.0 update | 2013-07-09 21:56:11 UTC

Description Arun Babu Neelicattu 2013-04-24 04:21:03 UTC
Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6092

Comment 2 errata-xmlrpc 2013-07-09 17:57:44 UTC
This issue has been addressed in the following products:

  Fuse MQ Enterprise 7.1.0

Via RHSA-2013:1029 https://rhn.redhat.com/errata/RHSA-2013-1029.html

