| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 29 Apr 2010 15:19:46 -0000
From: arun.gnyan@...il.com
To: bugtraq@...urityfocus.com
Subject: Apache ActiveMQ XSS Vulnerability
Vulnerability Info:
26/04/2010 Issue Discovered 26/04/2010 Vendor Notified
27/04/2010 Vendor Conformed Class: Cross-Site Scripting (Input validation)
Severity: Medium
Overview:
---------
Apache ActiveMQ is prone to cross-site scripting vulnerability.
Technical Description:
----------------------
The issue is caused due to the problem in Jetty's error handler that doesn't escape the message.
Impact:
--------
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Affected Software:
------------------
Apache ActiveMQ 5.3.x versrions are affected with this issue.
Not Affected Software:
----------------------
Apache ActiveMQ 5.4-SNAPSHOT
Proof of Concept:
-----------------
http://localhost:8161/admin/ueueBrowse/example.A?view=rss&feedType=<script>alert("ACTIVEMQ")</script>
Workaround:
-----------
https://issues.apache.org/activemq/browse/AMQ-2714
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = Medium
AUTHENTICATION = NOT REQUIRED
CONFIDENTIALITY_IMPACT = PARTIAL
INTEGRITY_IMPACT = PARTIAL
AVAILABILITY_IMPACT = NONE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = WORKAROUND
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 5.8 (AV:N/AC:L/Au:NR/C:P/I:P/A:N)
CVSS Temporal Score = 4.9
Credits:
--------
Arun Kethipelly of Qualys, Inc
Powered by blists - more mailing lists