CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |

EPSS Percentile: 76.8%

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in
Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web
script or HTML via (1) the refresh parameter to
PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data
Publisher), or vectors involving (2) debug logs or (3) subscribe messages
in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
Author | Note |
---|---|
mdeslaur | example code not shipped in Ubuntu/Debian |
activemq.apache.org/activemq-580-release.html
fisheye6.atlassian.com/changelog/activemq?cs=1399577
issues.apache.org/jira/browse/AMQ-4115
issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282
launchpad.net/bugs/cve/CVE-2012-6092
nvd.nist.gov/vuln/detail/CVE-2012-6092
security-tracker.debian.org/tracker/CVE-2012-6092
www.cve.org/CVERecord?id=CVE-2012-6092