CVE-2016-0782
published 2016-08-05CVE-2016-0782: The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to…
medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
| apache | activemq | — | — |
CVSS provenance
nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv5.4MEDIUM