CVE-2012-6092

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

Reference

https://issues.apache.org/jira/browse/AMQ-4115
https://fisheye6.atlassian.com/changelog/activemq?cs=1399577
http://activemq.apache.org/activemq-580-release.html
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282
http://rhn.redhat.com/errata/RHSA-2013-1029.html
http://www.securityfocus.com/bid/59400

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:12

Objavljeno

21-04-2013 - 21:55