CVE-2010-0684
Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| Software | From | Fixed in |
|---|---|---|
| apache / activemq | 4.1.0 | 4.1.0.x |
| apache / activemq | 1.2 | 1.2.x |
| apache / activemq | 1.5 | 1.5.x |
| apache / activemq | 3.2.1 | 3.2.1.x |
| apache / activemq | 1.3 | 1.3.x |
| apache / activemq | 3.2 | 3.2.x |
| apache / activemq | 2.1 | 2.1.x |
| apache / activemq | 5.2.0 | 5.2.0.x |
| apache / activemq | 3.1 | 3.1.x |
| apache / activemq | - | 5.3.0.x |
| apache / activemq | 1.4 | 1.4.x |
| apache / activemq | 1.1 | 1.1.x |
| apache / activemq | 5.0.0 | 5.0.0.x |
| apache / activemq | 4.0 | 4.0.x |
| apache / activemq | 4.0.2 | 4.0.2.x |
| apache / activemq | 4.0.1 | 4.0.1.x |
| apache / activemq | 3.2.2 | 3.2.2.x |
| apache / activemq | 3.0 | 3.0.x |
| apache / activemq | 5.1.0 | 5.1.0.x |
| apache / activemq | 4.0-rc2 | 4.0-rc2.x |
| apache / activemq | 4.1.1 | 4.1.1.x |
| apache / activemq | 4.0-m4 | 4.0-m4.x |
| apache / activemq | 2.0 | 2.0.x |
- http://activemq.apache.org/activemq-531-release.html
- http://secunia.com/advisories/39223
- http://securitytracker.com/id?1023778
- http://www.rajatswarup.com/CVE-2010-0684.txt
- http://www.securityfocus.com/archive/1/510419/100/0/threaded
- http://www.securityfocus.com/bid/39119
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57397
- https://issues.apache.org/activemq/browse/AMQ-2613
- https://issues.apache.org/activemq/browse/AMQ-2625
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime