virus logo Intrusion Prevention

Apache.ActiveMQ.Web.Console.message.jsp.XSS

description-logoDescription

This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Apache Software Foundation ActiveMQ.
The vulnerability is due to insufficient validation of the JMSDestination parameter to message.jsp in the web console. A remote attacker could exploit this vulnerability by enticing a target user to open a malicious crafted link or web page. Successful exploitation could lead to arbitrary script execution in the target user's browser under the security context of the user.

affected-products-logoAffected Products

Apache Software Foundation ActiveMQ prior to 5.15.14
Apache Software Foundation ActiveMQ prior to 5.16.1

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary script code in the context of the affected application.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2021-03-04 18.030
Modified
 Default_action:pass:drop
2021-02-23 17.021
New
ID 49858
Created Feb 15, 2021
Updated Mar 03, 2021
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Exploit Prediction Score 4.03%
Default Action drop
Active
Affected OS All
Affected App Apache
Profile Type XSS