Home / os / win7

Apache ActiveMQ version 5.3.x XSS Vulnerabilities

Posted on 30 April 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Apache ActiveMQ version 5.3.x XSS Vulnerabilities</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=================================================
Apache ActiveMQ version 5.3.x XSS Vulnerabilities
=================================================

Severity: Medium

Overview:
---------
Apache ActiveMQ is prone to cross-site scripting vulnerability.

Technical Description:
----------------------
The issue is caused due to the problem in Jetty's error handler that doesn't escape the message.

Impact:
--------
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Affected Software:
------------------
Apache ActiveMQ 5.3.x versrions are affected with this issue.

Not Affected Software:
----------------------
Apache ActiveMQ 5.4-SNAPSHOT


Proof of Concept:
-----------------
http://localhost:8161/admin/ueueBrowse/example.A?view=rss&amp;feedType=&lt;script&gt;alert(&quot;ACTIVEMQ&quot;)&lt;/script&gt;

Workaround:
-----------
https://issues.apache.org/activemq/browse/AMQ-2714

CVSS Score Report:
            ACCESS_VECTOR          = NETWORK
            ACCESS_COMPLEXITY      = Medium
            AUTHENTICATION         = NOT REQUIRED
            CONFIDENTIALITY_IMPACT = PARTIAL
            INTEGRITY_IMPACT       = PARTIAL
            AVAILABILITY_IMPACT    = NONE
            EXPLOITABILITY         = PROOF_OF_CONCEPT
            REMEDIATION_LEVEL      = WORKAROUND
            REPORT_CONFIDENCE      = CONFIRMED
            CVSS Base Score        = 5.8 (AV:N/AC:L/Au:NR/C:P/I:P/A:N)
            CVSS Temporal Score    = 4.9



# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-04-30]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :