← voltar
CVE-2018-8006

CVE-2018-8006

EPSS 56.2%
Vexday Risk Score
30Baixo
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS EPSS 56.2%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
10 out 2018Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.
Produtos afetados
Apache Software Foundation · Apache ActiveMQ

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txthttps://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2%40%3Cgitbox.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814%40%3Cgitbox.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3Ehttp://www.securityfocus.com/bid/105156