CVE-2018-8006

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache ActiveMQ
Vendor: CVE Published:; 10 October 2018

Summary

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.

Affected Version(s)

Apache ActiveMQ 5.0.0 to 5.15.5

References

http://activemq.apache.org/security-advisories.data/CVE-2...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105156

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/2b5c0039197a4949f29e...

mailing-listx_refsource_MLIST

EPSS Score

36% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 10, 2018
Vulnerability Reserved
Mar 9, 2018

.