The vulnerability of the Hawtio web console in the Apache ActiveMQ software platform allows a malicious actor to reuse the session identifier of an authenticated user.

The vulnerability of the Hawtio web console in the Apache ActiveMQ software platform stems from the lack of setting the HTTPOnly or Secure attributes for cookie files. Exploiting this vulnerability allows a malicious actor to repeatedly use the authenticated user’s session identifier remotely...