You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by bu...@apache.org on 2018/10/10 10:23:38 UTC
svn commit: r1036219 - in /websites/production/activemq/content:
cache/main.pageCache security-advisories.data/CVE-2018-8006-announcement.txt
security-advisories.html
Author: buildbot
Date: Wed Oct 10 10:23:37 2018
New Revision: 1036219
Log:
Production update by buildbot for activemq
Added:
websites/production/activemq/content/security-advisories.data/CVE-2018-8006-announcement.txt
Modified:
websites/production/activemq/content/cache/main.pageCache
websites/production/activemq/content/security-advisories.html
Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Added: websites/production/activemq/content/security-advisories.data/CVE-2018-8006-announcement.txt
==============================================================================
--- websites/production/activemq/content/security-advisories.data/CVE-2018-8006-announcement.txt (added)
+++ websites/production/activemq/content/security-advisories.data/CVE-2018-8006-announcement.txt Wed Oct 10 10:23:37 2018
@@ -0,0 +1,20 @@
+
+CVE-2018-8006: ActiveMQ Web Console - Cross-Site Scripting
+
+Severity: Important
+
+Vendor:
+The Apache Software Foundation
+
+Versions Affected:
+Apache ActiveMQ 5.0.0 - 5.15.5
+
+Description:
+An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter.
+
+
+Mitigation:
+Upgrade to Apache ActiveMQ 5.15.6 or disable the Web Console
+
+Credit:
+This issue was discovered by Robert Foggia of SpiderLabs
Modified: websites/production/activemq/content/security-advisories.html
==============================================================================
--- websites/production/activemq/content/security-advisories.html (original)
+++ websites/production/activemq/content/security-advisories.html Wed Oct 10 10:23:37 2018
@@ -71,7 +71,7 @@
<tbody>
<tr>
<td valign="top" width="100%">
-<div class="wiki-content maincontent"><h2 id="SecurityAdvisories-ApacheActiveMQ">Apache ActiveMQ</h2><h3 id="SecurityAdvisories-2018">2018</h3><ul><li><p class="p1"><span class="s1"><a shape="rect" href="security-advisories.data/CVE-2017-15709-announcement.txt?version=2&modificationDate=1518522887000&api=v2" data-linked-resource-id="75968203" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2017-15709-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2017-15709</a> - Information Leak</span></p></li><li><p class="p1"><span class="s1"><a shape="rect" href="security-advisories.data/CVE-2018-11775-announcement.txt?version=2&modificationDate=1536605082000&api=v2" data-linked-resource-id="91554156" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2018-11775-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2018-11775</a> - Missing TLS Hostname Verification<br clear="none"></span></p></li></ul><h3 id="SecurityAdvisories-2017">2017</h3><ul><li><p class="p1"><span class="s1"><a shape="rect" href="security-advisories.data/CVE-2015-7559-announcement.txt?version=1&modificationDate=1493024710000&api=v2" data-linked-resource-id="69407411" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-7559-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2015-7559</a> - DoS in client via shutdown command</span></p></li></ul><h3 id="SecurityAdvisories-2016">
2016</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2016-6810-announcement.txt?version=2&modificationDate=1481290006000&api=v2" data-linked-resource-id="67634297" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-6810-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2016-6810</a> - ActiveMQ Web Console - Cross-Site Scripting</li><li><a shape="rect" href="security-advisories.data/CVE-2016-0734-announcement.txt?version=1&modificationDate=1457613666000&api=v2" data-linked-resource-id="62687061" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-0734-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="518089
57" data-linked-resource-container-version="18">CVE-2016-0734</a> - ActiveMQ Web Console - Clickjacking</li><li><a shape="rect" href="security-advisories.data/CVE-2016-0782-announcement.txt?version=2&modificationDate=1458229308000&api=v2" data-linked-resource-id="62687062" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-0782-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2016-0782</a> - ActiveMQ Web Console - Cross-Site Scripting</li><li><a shape="rect" href="security-advisories.data/CVE-2016-3088-announcement.txt?version=5&modificationDate=1464092715000&api=v2" data-linked-resource-id="63406525" data-linked-resource-version="5" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-3088-announcement.txt" data-nice-
type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2016-3088</a> - ActiveMQ Fileserver web application vulnerabilities</li></ul><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2" data-linked-resource-id="61331741" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5254-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2015-5254</a> - Unsafe deserialization in ActiveMQ</li><li><a shape="rect" href="security-advisories.data/CVE-2015-1830-announcement.txt?version=2&modificationDate=1440426986000&api=v2" data-linked-resource-id="6131384
0" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-1830-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2015-1830</a> - Path traversal leading to unauthenticated RCE in ActiveMQ </li></ul><h3 id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-3576-announcement.txt?version=1&modificationDate=1446901063000&api=v2" data-linked-resource-id="61327457" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3576-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2014-3576</a> - Remote Unauthenticated Shutdown of Broker (DoS)</l
i><li><a shape="rect" href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&modificationDate=1423051306000&api=v2" data-linked-resource-id="52035730" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3600-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2014-3600</a> - Apache ActiveMQ XXE with XPath selectors</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2" data-linked-resource-id="52035731" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3612-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linke
d-resource-container-version="18">CVE-2014-3612</a> - ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation</li><li><a shape="rect" href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&modificationDate=1423051381000&api=v2" data-linked-resource-id="52035732" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-8110-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2014-8110</a> - <span style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site Scripting</span><span style="line-height: 1.4285715;"><br clear="none"></span></li></ul><h2 id="SecurityAdvisories-ActiveMQApollo"><span style="line-height: 1.4285715;">ActiveMQ Apollo</span></h2><h3 id="SecurityAdvisories-2014.1"><span style="line-height: 1.42857
15;">2014</span></h3><ul><li><span style="line-height: 1.4285715;"><span style="line-height: 1.4285715;"> </span></span><a shape="rect" href="security-advisories.data/CVE-2014-3579-announcement.txt?version=1&modificationDate=1423054118000&api=v2" data-linked-resource-id="52035737" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3579-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="18">CVE-2014-3579</a><span style="line-height: 1.4285715;"> - ActiveMQ Apollo XXE with XPath selectors</span></li></ul><p><span style="line-height: 1.4285715;"> </span></p></div>
+<div class="wiki-content maincontent"><h2 id="SecurityAdvisories-ApacheActiveMQ">Apache ActiveMQ</h2><h3 id="SecurityAdvisories-2018">2018</h3><ul><li><p class="p1"><a shape="rect" href="security-advisories.data/CVE-2018-8006-announcement.txt?version=1&modificationDate=1539165795000&api=v2" data-linked-resource-id="95650396" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-8006-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2018-8006</a> - ActiveMQ Web Console - Cross-Site Scripting</p></li><li><p class="p1"><span class="s1"><a shape="rect" href="security-advisories.data/CVE-2017-15709-announcement.txt?version=2&modificationDate=1518522887000&api=v2" data-linked-resource-id="75968203" data-linked-resource-version="2" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2017-15709-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2017-15709</a> - Information Leak</span></p></li><li><p class="p1"><span class="s1"><a shape="rect" href="security-advisories.data/CVE-2018-11775-announcement.txt?version=2&modificationDate=1536605082000&api=v2" data-linked-resource-id="91554156" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2018-11775-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2018-11775</a> - Missing TLS Hostname Verification<br clear="none"></span></p></li></ul><h3 id="SecurityAdvisories-2017">2017</h3><ul><li><p class="p1"><span class="s1"><a shape="rec
t" href="security-advisories.data/CVE-2015-7559-announcement.txt?version=1&modificationDate=1493024710000&api=v2" data-linked-resource-id="69407411" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-7559-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2015-7559</a> - DoS in client via shutdown command</span></p></li></ul><h3 id="SecurityAdvisories-2016">2016</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2016-6810-announcement.txt?version=2&modificationDate=1481290006000&api=v2" data-linked-resource-id="67634297" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-6810-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-co
ntainer-id="51808957" data-linked-resource-container-version="19">CVE-2016-6810</a> - ActiveMQ Web Console - Cross-Site Scripting</li><li><a shape="rect" href="security-advisories.data/CVE-2016-0734-announcement.txt?version=1&modificationDate=1457613666000&api=v2" data-linked-resource-id="62687061" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-0734-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2016-0734</a> - ActiveMQ Web Console - Clickjacking</li><li><a shape="rect" href="security-advisories.data/CVE-2016-0782-announcement.txt?version=2&modificationDate=1458229308000&api=v2" data-linked-resource-id="62687062" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-0782-announceme
nt.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2016-0782</a> - ActiveMQ Web Console - Cross-Site Scripting</li><li><a shape="rect" href="security-advisories.data/CVE-2016-3088-announcement.txt?version=5&modificationDate=1464092715000&api=v2" data-linked-resource-id="63406525" data-linked-resource-version="5" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2016-3088-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2016-3088</a> - ActiveMQ Fileserver web application vulnerabilities</li></ul><h3 id="SecurityAdvisories-2015">2015</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2015-5254-announcement.txt?version=1&modificationDate=1449589734000&api=v2"
data-linked-resource-id="61331741" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-5254-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2015-5254</a> - Unsafe deserialization in ActiveMQ</li><li><a shape="rect" href="security-advisories.data/CVE-2015-1830-announcement.txt?version=2&modificationDate=1440426986000&api=v2" data-linked-resource-id="61313840" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2015-1830-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2015-1830</a> - Path traversal leading to unauthenticated RCE in ActiveMQ </li></ul><h3 id="SecurityAdvisorie
s-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-3576-announcement.txt?version=1&modificationDate=1446901063000&api=v2" data-linked-resource-id="61327457" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3576-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2014-3576</a> - Remote Unauthenticated Shutdown of Broker (DoS)</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3600-announcement.txt?version=2&modificationDate=1423051306000&api=v2" data-linked-resource-id="52035730" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3600-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id=
"51808957" data-linked-resource-container-version="19">CVE-2014-3600</a> - Apache ActiveMQ XXE with XPath selectors</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3612-announcement.txt?version=2&modificationDate=1423051365000&api=v2" data-linked-resource-id="52035731" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3612-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2014-3612</a> - ActiveMQ JAAS: LDAPLoginModule allows empty password authentication and Wildcard Interpretation</li><li><a shape="rect" href="security-advisories.data/CVE-2014-8110-announcement.txt?version=2&modificationDate=1423051381000&api=v2" data-linked-resource-id="52035732" data-linked-resource-version="2" data-linked-resource-type="attachment" data-linked-resourc
e-default-alias="CVE-2014-8110-announcement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2014-8110</a> - <span style="line-height: 1.4285715;">ActiveMQ Web Console - Cross-Site Scripting</span><span style="line-height: 1.4285715;"><br clear="none"></span></li></ul><h2 id="SecurityAdvisories-ActiveMQApollo"><span style="line-height: 1.4285715;">ActiveMQ Apollo</span></h2><h3 id="SecurityAdvisories-2014.1"><span style="line-height: 1.4285715;">2014</span></h3><ul><li><span style="line-height: 1.4285715;"><span style="line-height: 1.4285715;"> </span></span><a shape="rect" href="security-advisories.data/CVE-2014-3579-announcement.txt?version=1&modificationDate=1423054118000&api=v2" data-linked-resource-id="52035737" data-linked-resource-version="1" data-linked-resource-type="attachment" data-linked-resource-default-alias="CVE-2014-3579-announc
ement.txt" data-nice-type="Text File" data-linked-resource-content-type="text/plain" data-linked-resource-container-id="51808957" data-linked-resource-container-version="19">CVE-2014-3579</a><span style="line-height: 1.4285715;"> - ActiveMQ Apollo XXE with XPath selectors</span></li></ul><p><span style="line-height: 1.4285715;"> </span></p></div>
</td>
<td valign="top">
<div class="navigation">