Several instances of cross-site scripting vulnerabilities were identified in the web-based administration console, as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues is improper user data output validation and incorrect permissions configured on Jolokia.

Affected versions: ActiveMQ 5.0.0 - 5.13.1

External Reference: http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
Created activemq tracking bugs for this issue: Affects: fedora-all [bug 1317522]
https://issues.jboss.org/browse/ENTMQ-1586 was opened to track
This issue has been addressed in the following products:

JBoss Fuse 6.2.1
JBoss A-MQ 6.2.1

Via RHSA-2016:1424 https://access.redhat.com/errata/RHSA-2016:1424