CVE-2010-1244 — Cross-Site Request Forgery in Apache Activemq

CWE-352 — Cross-Site Request Forgery6 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 36.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq

Timeline

PublishedApr 5

Latest updateMay 2

Description

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDapache/activemq5.3.0+20

Patches

Patch: activemq.apache.org ↗Patch: activemq.apache.org ↗

🔴Vulnerability Details

GHSA

Cross-site request forgery in Apache ActiveMQ↗2022-05-02

▶

OSV

Cross-site request forgery in Apache ActiveMQ↗2022-05-02

▶

CVEList

CVE-2010-1244: Cross-site request forgery (CSRF) vulnerability in createDestination↗2010-04-05

▶

📋Vendor Advisories

Red Hat

ActiveMQ: CSRF in createDestination↗2010-02-24

▶

💬Community

Bugzilla

CVE-2010-1244 ActiveMQ: CSRF in createDestination↗2010-04-09

▶