var-201004-0510
Vulnerability from variot
Apache ActiveMQ is an open source messaging bus that supports the JMS Provider implementation of the JMS 1.1 and J2EE 1.4 specifications. The Apache ActiveMQ 'admin/queueBrowse' script does not properly filter input submitted by the user to the \"feedType\" variable. Successful exploitation of the vulnerability can steal COOKIE information such as for authentication, or obtain or modify sensitive data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ActiveMQ 5.3.0 and 5.3.1 are affected; other versions may also be vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201004-0510",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "software foundation apache activemq",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.3"
},
{
"model": "software foundation apache activemq",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.3.1"
},
{
"model": "activemq",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.3.1"
},
{
"model": "activemq",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.3"
},
{
"model": "activemq snapshot",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "5.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0737"
},
{
"db": "BID",
"id": "39771"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arun kethipelly",
"sources": [
{
"db": "BID",
"id": "39771"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache ActiveMQ is an open source messaging bus that supports the JMS Provider implementation of the JMS 1.1 and J2EE 1.4 specifications. The Apache ActiveMQ \u0027admin/queueBrowse\u0027 script does not properly filter input submitted by the user to the \\\"feedType\\\" variable. Successful exploitation of the vulnerability can steal COOKIE information such as for authentication, or obtain or modify sensitive data. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nActiveMQ 5.3.0 and 5.3.1 are affected; other versions may also be vulnerable",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0737"
},
{
"db": "BID",
"id": "39771"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "39771",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2010-0737",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0737"
},
{
"db": "BID",
"id": "39771"
}
]
},
"id": "VAR-201004-0510",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0737"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0737"
}
]
},
"last_update_date": "2022-05-17T01:38:38.343000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apache ActiveMQ \u0027admin/queueBrowse\u0027 cross-site scripting patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/352"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0737"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.9,
"url": "https://issues.apache.org/activemq/browse/amq-2714"
},
{
"trust": 0.3,
"url": "http://activemq.apache.org/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0737"
},
{
"db": "BID",
"id": "39771"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-0737"
},
{
"db": "BID",
"id": "39771"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0737"
},
{
"date": "2010-04-28T00:00:00",
"db": "BID",
"id": "39771"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0737"
},
{
"date": "2010-04-28T00:00:00",
"db": "BID",
"id": "39771"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "39771"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache ActiveMQ \u0027admin/queueBrowse\u0027 cross-site scripting vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0737"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "39771"
}
],
"trust": 0.3
}
}
Loading...