6.8

CVE-2010-1244

Exploit
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheActivemq Version <= 5.3.0
ApacheActivemq Version1.1
ApacheActivemq Version1.2
ApacheActivemq Version1.3
ApacheActivemq Version1.4
ApacheActivemq Version1.5
ApacheActivemq Version2.0
ApacheActivemq Version2.1
ApacheActivemq Version3.0
ApacheActivemq Version3.1
ApacheActivemq Version3.2
ApacheActivemq Version3.2.1
ApacheActivemq Version3.2.2
ApacheActivemq Version4.0
ApacheActivemq Version4.0 Updatem4
ApacheActivemq Version4.0 Updaterc2
ApacheActivemq Version4.0.1
ApacheActivemq Version4.0.2
ApacheActivemq Version4.1.0
ApacheActivemq Version4.1.1
ApacheActivemq Version5.0.0
ApacheActivemq Version5.1.0
ApacheActivemq Version5.2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.08% 0.61
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://activemq.apache.org/activemq-531-release.html
Patch
http://secunia.com/advisories/39223
Vendor Advisory
https://issues.apache.org/activemq/browse/AMQ-2613
Exploit
https://issues.apache.org/activemq/browse/AMQ-2625
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/57398