CVE-2010-1244

CVSS v2.0 6.8 (Medium)

EPSS 0.12 % (46^th)

Affected Products 1

Advisories 1

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2010-04-05 16:30:00
(14 years ago)
Updated Date: 2017-08-17 01:32:18
(7 years ago)

Affected Products

Apache

Activemq

Configuration #1

	CPE23	Up To
Apache Activemq 5.3.0 and prior versions	cpe:2.3:a:apache:activemq	<= 5.3.0
Apache Activemq 1.1	cpe:2.3:a:apache:activemq:1.1
Apache Activemq 1.2	cpe:2.3:a:apache:activemq:1.2
Apache Activemq 1.3	cpe:2.3:a:apache:activemq:1.3
Apache Activemq 1.4	cpe:2.3:a:apache:activemq:1.4
Apache Activemq 1.5	cpe:2.3:a:apache:activemq:1.5
Apache Activemq 2.0	cpe:2.3:a:apache:activemq:2.0
Apache Activemq 2.1	cpe:2.3:a:apache:activemq:2.1
Apache Activemq 3.0	cpe:2.3:a:apache:activemq:3.0
Apache Activemq 3.1	cpe:2.3:a:apache:activemq:3.1
Apache Activemq 3.2	cpe:2.3:a:apache:activemq:3.2
Apache Activemq 3.2.1	cpe:2.3:a:apache:activemq:3.2.1
Apache Activemq 3.2.2	cpe:2.3:a:apache:activemq:3.2.2
Apache Activemq 4.0	cpe:2.3:a:apache:activemq:4.0
Apache Activemq 4.0 M4	cpe:2.3:a:apache:activemq:4.0:m4
Apache Activemq 4.0 Rc2	cpe:2.3:a:apache:activemq:4.0:rc2
Apache Activemq 4.0.1	cpe:2.3:a:apache:activemq:4.0.1
Apache Activemq 4.0.2	cpe:2.3:a:apache:activemq:4.0.2
Apache Activemq 4.1.0	cpe:2.3:a:apache:activemq:4.1.0
Apache Activemq 4.1.1	cpe:2.3:a:apache:activemq:4.1.1
Apache Activemq 5.0.0	cpe:2.3:a:apache:activemq:5.0.0
Apache Activemq 5.1.0	cpe:2.3:a:apache:activemq:5.1.0
Apache Activemq 5.2.0	cpe:2.3:a:apache:activemq:5.2.0