Vulnerability Name: CVE-2018-8006 (CCN-148808)
Assigned: 2018-08-24
Published: 2018-08-24
Updated: 2021-02-14
Summary: An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.
CVSS v3 Severity:
  6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
  5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
  5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References:
  Source: CCN; Type: Apache Web site; ActiveMQ
  Source: CONFIRM; Type: Vendor Advisory; http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt
  Source: MITRE; Type: CNA; CVE-2018-8006
  Source: BID; Type: Third Party Advisory, VDB Entry; 105156
  Source: CCN; Type: BID-105156; Apache ActiveMQ 'QueueFilter' Parameter Cross Site Scripting Vulnerability
  Source: XF; Type: UNKNOWN; apache-activemq-cve20188006-xss(148808)
  Source: MLIST; Type: Issue Tracking, Vendor Advisory; [activemq-dev] 20190328 Re: Website
  Source: MLIST; Type: Mailing List, Vendor Advisory; [activemq-commits] 20190327 [CONF] Apache ActiveMQ > Security Advisories
  Source: MLIST; Type: Mailing List, Patch, Vendor Advisory; [activemq-gitbox] 20191021 [GitHub] [activemq-website] clebertsuconic commented on a change in pull request #17: Fix the ordering in the security advisories page
  Source: MLIST; Type: Mailing List, Vendor Advisory; [activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/
  Source: MLIST; Type: Mailing List, Patch, Vendor Advisory; [activemq-gitbox] 20191022 [GitHub] [activemq-website] coheigea commented on a change in pull request #17: Fix the ordering in the security advisories page
  Source: MLIST; Type: Issue Tracking, Mailing List, Vendor Advisory; [activemq-dev] 20190327 Re: Website
  Source: MLIST; Type: Mailing List, Patch, Vendor Advisory; [activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947
  Source: MLIST; Type: Mailing List, Patch, Vendor Advisory; [activemq-commits] 20200514 [activemq-website] branch master updated: Publish CVE-2020-1941 security advisory
  Source: CCN; Type: IBM Security Bulletin 6344071 (QRadar SIEM); IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
  Source: CCN; Type: IBM Security Bulletin 6955033 (Security Directory Integrator); IBM Security Directory Integrator is affected by multiple security vulnerabilities
  Source: CCN; Type: IBM Security Bulletin 7001693 (Security Directory Suite VA); IBM Security Directory Suite is vulnerable to multiple issues
  Source: CCN; Type: Trustwave SpiderLabs Security Advisory TWSL2018-008; Cross-Site Scripting (XSS) Vulnerability in Apache ActiveMQ