CVE-2018-8006
Published: 10 October 2018
A cross-site scripting vulnerability was identified in the web-based administration console, on the queue.jsp page, of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause is improper filtering of the QueueFilter parameter.
Notes
Author | Note |
---|---|
sbeattie | admin console not enabled in packaging |
Priority
Status
Package | Release | Status |
---|---|---|
activemq (Launchpad, Ubuntu, Debian) | bionic | Not vulnerable (5.15.8-2~18.04) |
activemq | cosmic | Not vulnerable (5.15.8-2~18.04) |
activemq | disco | Not vulnerable (5.15.8-2) |
activemq | eoan | Not vulnerable (5.15.8-2) |
activemq | focal | Not vulnerable (5.15.8-2) |
activemq | groovy | Not vulnerable (5.15.8-2) |
activemq | hirsute | Not vulnerable (5.15.8-2) |
activemq | impish | Not vulnerable (5.15.8-2) |
activemq | jammy | Not vulnerable (5.15.8-2) |
activemq | kinetic | Not vulnerable (5.15.8-2) |
activemq | lunar | Not vulnerable (5.15.8-2) |
activemq | mantic | Not vulnerable (5.15.8-2) |
activemq | noble | Not vulnerable (5.15.8-2) |
activemq | trusty | Does not exist (trusty was needed) |
activemq | upstream | Needs triage |
activemq | xenial | Needed |
Patches:
other: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=d25de5d
other: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=d8c80a9
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |