org.apache.activemq:activemq-web-console
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.activemq:activemq-web-consolepage 1 of 1
- CVE-2010-1587NONECVSS 0.0EG 0.0✓ Fixed in 5.3.22010-04-28
vulnerable: 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.1
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) ad…
- CVE-2018-8006MEDIUMCVSS 6.1EG 6.1✓ Fixed in 5.15.62018-10-10
vulnerable: 5.0.0 ... 5.9.1 (47 versions)
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filte…
- CVE-2020-1941MEDIUMCVSS 6.1EG 6.1✓ Fixed in 5.15.122020-05-14
vulnerable: 5.0.0 ... 5.9.1 (53 versions)
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
Check whether org.apache.activemq:activemq-web-console is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.activemq:activemq-web-console CVEs against the assets you own.
Start Free Scan →