Cross-site Request Forgery (CSRF) Affecting org.apache.activemq:activemq-web package, versions [,5.3.1)
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Threat Intelligence
EPSS
0.12% (46th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHEACTIVEMQ-30499
- published 10 Jan 2014
- disclosed 5 Apr 2010
- credit Unknown
Introduced: 5 Apr 2010
CVE-2010-1244 Open this link in a new tabHow to fix?
Upgrade org.apache.activemq:activemq-web
to version 5.3.1 or higher.
Overview
org.apache.activemq:activemq-web
is an open source messaging and Integration Patterns server.
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.