CVE-2010-0684

Description

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.

Affected products

• apache / ActiveMQ5.3.0
• apache / ActiveMQ1.1 – 1.1
• apache / ActiveMQ1.2 – 1.2
• apache / ActiveMQ1.3 – 1.3
• apache / ActiveMQ1.4 – 1.4
• apache / ActiveMQ1.5 – 1.5
• apache / ActiveMQ2.0 – 2.0
• apache / ActiveMQ2.1 – 2.1
• apache / ActiveMQ3.0 – 3.0
• apache / ActiveMQ3.1 – 3.1
• apache / ActiveMQ3.2 – 3.2
• apache / ActiveMQ3.2.1 – 3.2.1
• apache / ActiveMQ3.2.2 – 3.2.2
• apache / ActiveMQ4.0 – 4.0
• apache / ActiveMQ4.0 – 4.0
• apache / ActiveMQ4.0 – 4.0
• apache / ActiveMQ4.0.1 – 4.0.1
• apache / ActiveMQ4.0.2 – 4.0.2
• apache / ActiveMQ4.1.0 – 4.1.0
• apache / ActiveMQ4.1.1 – 4.1.1
• apache / ActiveMQ5.0.0 – 5.0.0
• apache / ActiveMQ5.1.0 – 5.1.0
• apache / ActiveMQ5.2.0 – 5.2.0

References

• MISChttps://issues.apache.org/activemq/browse/AMQ-2613
• MISChttp://www.securityfocus.com/archive/1/510419/100/0/threaded
• MISChttp://securitytracker.com/id?1023778
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/57397
• MISChttp://activemq.apache.org/activemq-531-release.html
• MISChttp://www.securityfocus.com/bid/39119
• VENDOR_ADVISORYhttp://secunia.com/advisories/39223
• MISChttps://issues.apache.org/activemq/browse/AMQ-2625
• MISChttp://www.rajatswarup.com/CVE-2010-0684.txt