Vulnerability Description
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | ActiveMQ | 5.0.0 |
Related Weaknesses (CWE)
References
- http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.t (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2016/03/10/11
- http://www.securityfocus.com/bid/84321
- http://www.securitytracker.com/id/1035327
- https://access.redhat.com/errata/RHSA-2016:1424
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65
FAQ
What is CVE-2016-0734?
CVE-2016-0734 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a...
How severe is CVE-2016-0734?
CVE-2016-0734 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-0734?
Check the references section above for vendor advisories and patch information. Affected products include: Apache ActiveMQ.