You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@activemq.apache.org by "Rajat Swarup (JIRA)" <ji...@apache.org> on 2010/02/17 20:22:40 UTC
[jira] Created: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
---------------------------------------------------------------------------------------
Key: AMQ-2613
URL: https://issues.apache.org/activemq/browse/AMQ-2613
Project: ActiveMQ
Issue Type: Bug
Environment: Linux environment.
Reporter: Rajat Swarup
Priority: Critical
GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
This GET request creates a queue name that has malformed queue name. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
I do not know the affected version information yet. Is there some way I can find it?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Rajat Swarup (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajat Swarup updated AMQ-2613:
------------------------------
Description:
GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
I do not know the affected version information yet. Is there some way I can find it?
Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
----
CVE Identifier issued for this:
CVE-2010-0684
was:
GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
I do not know the affected version information yet. Is there some way I can find it?
Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.3.1, 5.4.0
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Rajat Swarup (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajat Swarup updated AMQ-2613:
------------------------------
Description:
GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
I do not know the affected version information yet. Is there some way I can find it?
Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
was:
GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
This GET request creates a queue name that has malformed queue name. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
I do not know the affected version information yet. Is there some way I can find it?
Two issues:
- XSS
- XSRF/CSRF
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Priority: Critical
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Dejan Bosanac (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dejan Bosanac resolved AMQ-2613.
--------------------------------
Resolution: Fixed
No worries James, I'm glad it's really fixed. Cheers
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.4.0, 5.3.1
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Dejan Bosanac (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dejan Bosanac resolved AMQ-2613.
--------------------------------
Resolution: Fixed
Fix Version/s: 5.4.0
5.3.1
Fixed with svn revision 915384 and merged into 5.3 branch.
The web console should now be immune to XSS and CSRF attacks. First ones are fixed by sanitizing the output. The CSRF attacks are prevented by sending a secret to the form and checking it before modifying results. Also, POST method is forced where it is applicable.
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.3.1, 5.4.0
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Dejan Bosanac (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dejan Bosanac resolved AMQ-2613.
--------------------------------
Resolution: Fixed
Fixed in svn revision 931552
Thanks for reporting this. I did some more sanitation and hopefully everything is covered now.
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.4.0, 5.3.1
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "James Casey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Casey reopened AMQ-2613:
------------------------------
Dejan,
I just checked on the latest 5.4 snapshot (Thu Apr 08 04:00:00). The first issue is fixed, but the second one (sending a message with correlationID containing script) still occurs.
cheers,
James.
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.3.1, 5.4.0
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Rob Davies (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rob Davies reassigned AMQ-2613:
-------------------------------
Assignee: Dejan Bosanac
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "James Casey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58706#action_58706 ]
James Casey commented on AMQ-2613:
----------------------------------
Dejan,
my mistake, activemq was picking up an old config file during my tests. I confirm this now looks fixed.
I think you can close it now (again !)
thanks,
James.
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.3.1, 5.4.0
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Dejan Bosanac (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58705#action_58705 ]
Dejan Bosanac commented on AMQ-2613:
------------------------------------
Hi James,
I just tried to reproduce it, but it seems all fine from here. What are you seeing as a result?
Cheers,
Dejan
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.3.1, 5.4.0
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Work started: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Dejan Bosanac (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on AMQ-2613 started by Dejan Bosanac.
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Romain Wartel (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58696#action_58696 ]
Romain Wartel commented on AMQ-2613:
------------------------------------
Joe is correct.
Also, for the permanent XSS, "correlation ID" is not the only vulnerable variable. "Reply To ", "Type", etc. are vulnerable.
It is important to sanitise user input in general, not just for the variables that are being reported here.
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.3.1, 5.4.0
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Rajat Swarup (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajat Swarup updated AMQ-2613:
------------------------------
Affects Version/s: 5.3.0
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Priority: Critical
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (AMQ-2613) Persistent Cross-site Scripting in
/createDesitnation.action [JMSDestination parameter]
Posted by "Joe Luo (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe Luo reopened AMQ-2613:
--------------------------
It looks like there are some new unpatched vunerabilities. Taking a release apache-activemq 5.3.1, installing it and navigating to :
http://localhost:8161/admin/connection.jsp?connectionID=%3Cscript%3Ealert%28%27XSS%27%29;%3C/script%3E
you see an non-permanent XSS vunerability
For a permanent XSS vunerability do the following:
1) On web console go to the 'send' page:
set:
* destination : "foo"
* correlation ID field to "<script>alert('Vunerable to XSS!');</script>"
2) go to the queue browser page page for queue "foo" - you get an XSS attack
> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
> Key: AMQ-2613
> URL: https://issues.apache.org/activemq/browse/AMQ-2613
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.0
> Environment: Linux environment.
> Reporter: Rajat Swarup
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.3.1, 5.4.0
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet. Is there some way I can find it?
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.