1404645 – (CVE-2016-6810) CVE-2016-6810 activemq: Cross-site scripting in web based administration console

Bug 1404645 (CVE-2016-6810) - CVE-2016-6810 activemq: Cross-site scripting in web based administration console

Summary: CVE-2016-6810 activemq: Cross-site scripting in web based administration console

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2016-6810
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1404646 1404647
Blocks:	1404648
TreeView+	depends on / blocked

Reported:	2016-12-14 10:47 UTC by Adam Mariš
Modified:	2021-10-21 11:49 UTC (History)
CC List:	26 users (show)
Fixed In Version:	activemq 5.14.2
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-21 11:49:22 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2016-12-14 10:47:02 UTC

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.

Affected versions: ActiveMQ 5.0.0 - 5.14.1

External Reference:

http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt

Comment 2 Adam Mariš 2016-12-14 10:48:00 UTC

Created activemq tracking bugs for this issue:

Affects: fedora-all [bug 1404647]

Comment 4 Hooman Broujerdi 2017-11-01 04:24:23 UTC

Mitigation: Users are advised to use hawtio as an alternative to the old management console.

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
agrimm
aileenc
ccoleman
chazlett
dedgar
dmcphers
gvarsami
java-sig-commits
jcoleman
jgoulding
jialiu
joelsmith
jokerman
ldimaggi
lmeyer
mmccomas
nwallace
puntogil
rwagner
soa-p-jira
s
tcunning
tdawson
tiwillia
tkirby