Clickjacking Vulnerability in Apache ActiveMQ Administration Console
CVE-2016-0734

6.1MEDIUM

Key Information:

Vendor

Apache
Status
ActiveMQ
Vendor
CVE Published:
7 April 2016

What is CVE-2016-0734?

The web-based administration console in Apache ActiveMQ versions prior to 5.13.2 is vulnerable to clickjacking due to the absence of an X-Frame-Options HTTP header. This security oversight allows remote attackers to potentially exploit the affected application by embedding it in a malicious web page, utilizing FRAME or IFRAME elements to trick users into inadvertently executing actions without their consent.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2016:1424
vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1035327
vdb-entryx_refsource_SECTRACK
http://www.openwall.com/lists/oss-security/2016/03/10/11
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.