CVE-2016-0734
published 2016-04-07CVE-2016-0734: The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |