Vulnerability Description
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Activemq | >= 5.0.0, < 5.14.2 |
Related Weaknesses (CWE)
References
- http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.tVendor Advisory
- http://www.securityfocus.com/bid/94882Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037475Third Party AdvisoryVDB Entry
- https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65
- http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.tVendor Advisory
- http://www.securityfocus.com/bid/94882Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037475Third Party AdvisoryVDB Entry
- https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65
FAQ
What is CVE-2016-6810?
CVE-2016-6810 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper...
How severe is CVE-2016-6810?
CVE-2016-6810 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6810?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Activemq.