Lucene search

K

GoogleOSV:GHSA-W525-W93J-RXGM

HistoryMay 14, 2022 - 1:14 a.m.

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ

2022-05-1401:14:51

Google

osv.dev

11

apache activemq

web page generation

input neutralization

clickjacking

http header

EPSS

0.002

Percentile

64.5%

The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

References

activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt

www.openwall.com/lists/oss-security/2016/03/10/11

access.redhat.com/errata/RHSA-2016:1424

github.com/apache/activemq

github.com/apache/activemq/commit/028a33ea7d73fabe6161defffdbfc85578328a68

github.com/apache/activemq/commit/24ad36778534c5ac888f880837075449169578ad

lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2016-0734

EPSS

0.002

Percentile

64.5%

Related for OSV:GHSA-W525-W93J-RXGM

debiancve1 cvelist1 cve1 nessus3 nvd1 freebsd1 github1 openvas1 prion1 ubuntucve1 redhat1 ibm4 oracle1