CVE-2010-1244

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:13

Type Values Removed Values Added
References () http://activemq.apache.org/activemq-531-release.html - Patch () http://activemq.apache.org/activemq-531-release.html - Patch
References () http://secunia.com/advisories/39223 - Vendor Advisory () http://secunia.com/advisories/39223 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/57398 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/57398 -
References () https://issues.apache.org/activemq/browse/AMQ-2613 - Exploit () https://issues.apache.org/activemq/browse/AMQ-2613 - Exploit
References () https://issues.apache.org/activemq/browse/AMQ-2625 - Exploit () https://issues.apache.org/activemq/browse/AMQ-2625 - Exploit

Information

Published : 2010-04-05 16:30

Updated : 2024-11-21 01:13


NVD link : CVE-2010-1244

Mitre link : CVE-2010-1244

CVE.ORG link : CVE-2010-1244


JSON object : View

Products Affected

apache

  • activemq
CWE
CWE-352

Cross-Site Request Forgery (CSRF)