Lucene search
RootSSV:60761HistoryApr 24, 2013 - 12:00 a.m.
Apache ActiveMQ web demos多个跨站脚本漏洞(CVE-2012-6092)
2013-04-2400:00:00
Root
www.seebug.org
23
0.004 Low
EPSS
Percentile
71.5%
CVE ID:CVE-2012-6092
Apache ActiveMQ是一款开源消息总线,支持JMS1.1和J2EE 1.4规范的JMS Provider实现。
Apache ActiveMQ web demos存在多个跨站脚本漏洞,允许远程攻击者通过PortfolioPublishServlet.java的refresh参数(也即/demo/portfolioPublish或Market Data Publisher)或通过调试日志或通过webapp/websocket/chat.js中的订阅消息相关向量来注入WEB脚本或HTML,当恶意数据被目标用户查看时,可导致敏感信息泄露或可劫持用户会话。
0
Apache ActiveMQ 5.8.0之前版本
厂商解决方案
Apache ActiveMQ 5.8.0已经修复此漏洞,建议用户下载更新:
https://activemq.apache.org/
Related
veracode
veracode
Cross-Site Scripting (XSS)
2019-03-25 08:40:44
ubuntucve
ubuntucve
CVE-2013-1880
2014-02-05 00:00:00
CVE-2012-6092
2013-04-21 00:00:00
osv
osv
Cross-site Scripting in Apache ActiveMQ
2022-05-17 03:46:33
github
github
Cross-site Scripting in Apache ActiveMQ
2022-05-17 03:46:33
cve
cve
CVE-2013-1880
2014-02-05 18:55:00
CVE-2012-6092
2013-04-21 21:55:00
prion
prion
Cross site scripting
2014-02-05 18:55:00
Cross site scripting
2013-04-21 21:55:00
debiancve
debiancve
CVE-2012-6092
2013-04-21 21:55:00
CVE-2013-1880
2014-02-05 18:55:00
openvas
openvas
Apache ActiveMQ Multiple Vulnerabilities
2013-04-27 00:00:00
redhat
redhat
(RHSA-2013:1029) Important: Fuse MQ Enterprise 7.1.0 update
2013-07-09 00:00:00
