It was reported that the web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console. Affected versions: Apache ActiveMQ 5.0.0 - 5.13.1 External Reference: http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt
Created activemq tracking bugs for this issue: Affects: fedora-all [bug 1317522]
https://issues.jboss.org/browse/ENTMQ-1586 was opened to track
This issue has been addressed in the following products: JBoss Fuse 6.2.1 JBoss A-MQ 6.2.1 Via RHSA-2016:1424 https://access.redhat.com/errata/RHSA-2016:1424