ID de Prueba:	1.3.6.1.4.1.25623.1.0.801203
Categoría:	Web application abuses
Título:	Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Resumen:	Apache ActiveMQ is prone to cross-site scripting and cross-site request forgery vulnerabilities.
Descripción:	Summary: Apache ActiveMQ is prone to cross-site scripting and cross-site request forgery vulnerabilities. Vulnerability Insight: The flaw is caused by improper validation of user-supplied input via the 'JMSDestination' parameter to createDestination.action that allows the attackers to insert arbitrary HTML and script code. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Affected Software/OS: Apache ActiveMQ 5.3 and prior. Solution: Upgrade to the latest version of ActiveMQ 5.3.1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1244 http://secunia.com/advisories/39223 XForce ISS Database: activemq-web-console-csrf(57398) https://exchange.xforce.ibmcloud.com/vulnerabilities/57398 Common Vulnerability Exposure (CVE) ID: CVE-2010-0684 BugTraq ID: 39119 http://www.securityfocus.com/bid/39119 Bugtraq: 20100330 CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting (XSS) Vulnerability (Google Search) http://www.securityfocus.com/archive/1/510419/100/0/threaded http://www.rajatswarup.com/CVE-2010-0684.txt http://securitytracker.com/id?1023778 XForce ISS Database: activemq-createdestination-xss(57397) https://exchange.xforce.ibmcloud.com/vulnerabilities/57397
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.