CVE-2013-1879

Severity

6.1

Description

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue. `activemq-core` was moved to `activemq-client` in version 5.8

Related links:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1879

https://issues.apache.org/jira/browse/AMQ-4397

https://exchange.xforce.ibmcloud.com/vulnerabilities/85586

Project

Category

n/a

Tags

data

Date Disclosed

2013-07-18

Date Discovered

2013-02-19

Apache TomEE 1.5.x

First release:

2012-09-28

0

Support Lifecycle:

Namespace:

javax

1.5.0 1.5.1 1.5.2

Apache TomEE 1.0.x

First release:

2012-04-27

0

Support Lifecycle:

Namespace:

javax

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.