SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Apache ActiveMQ 5.3.0 Persistent Cross-Site Scripting


Arrow  SecurityAlert : 7209
Arrow  CVE : CVE-2010-0684
Arrow  CWE : CWE-79
Arrow  SecurityRisk : Low  Security Risk Low  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : Yes
Arrow  Exploit Available : No
Arrow  Credit : Rajat Swarup
Arrow  Published : 07.04.2010

Arrow  Affected Software : apache:activemq:5.3.0 and previous versions
apache:activemq:5.2.0
apache:activemq:5.1.0
apache:activemq:5.0.0
apache:activemq:4.1.1
apache:activemq:4.1.0
apache:activemq:4.0.2
apache:activemq:4.0.1
apache:activemq:4.0
apache:activemq:4.0:rc2
apache:activemq:4.0:m4
apache:activemq:3.2.2
apache:activemq:3.2.1
apache:activemq:3.2
apache:activemq:3.1
apache:activemq:3.0
apache:activemq:2.0
apache:activemq:2.1
apache:activemq:1.5
apache:activemq:1.4
apache:activemq:1.3
apache:activemq:1.2
apache:activemq:1.1



Arrow  Advisory Content :  

CVE-2010-0684: Apache ActiveMQ Persistent Cross-Site Scripting (XSS)
Vulnerability
==============================================================

Security Advisory 03.30.2010

I. BACKGROUND

Apache ActiveMQ is the most popular and powerful open source
messaging and Integration Patterns provider.

http://activemq.apache.org/

II. DESCRIPTION

Remote unauthenticated exploitation of an input validation
vulnerability in Apache Software Foundation's ActiveMQ server could
allow an attacker to perform a
stored or persistent cross-site scripting (XSS) attack. The code
responsible for parsing HTTP requests is vulnerable to an XSS
vulnerability. When parsing the JMSDestination parameter from a GET
request to /createDestination.action page, the value of this variable
is directly inserted into the HTML code that can be accessed by using
URLs such as /queues.jsp. This allows an attacker to run arbitrary
JavaScript in the context of the affected domain of the ActiveMQ
administration console.

III. ANALYSIS

Successful exploitation of this vulnerability allows an attacker to
conduct an XSS attack on a user. This could allow an attacker to steal
cookies, inject content into pages, or submit requests using the
user's credentials. To exploit this vulnerability, an attacker must
send malicious request to the vulnerable Active MQ server such as the
following request:
http://www.example.com/createDestination.action?JMSDestination=[XSS_PAYL
OAD]
Once this request is sent, anyone accessing the ActiveMQ queues would
have the XSS payload executed in the context of the browser session
being used to browse using a URL such as:
http://www.example.com/queues.jsp

IV. DETECTION

The author and Apache Software Foundation's ActiveMQ group has
confirmed this vulnerability.

V. WORKAROUND

The author is currently unaware of any workaround for this issue but
fix has been released by the vendor.

VI. VENDOR RESPONSE

The Apache Software Foundation ActiveMQ team has addressed this
vulnerability by releasing version 5.3.1 of ActiveMQ.
More information can be found at the following URL.
http://issues.apache.org/activemq/browse/AMQ-2613

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CVE-2010-0684 to this issue. This is a candidate for
inclusion in the CVE list (http://cve.mitre.org/), which standardizes
names for security problems.

VIII. DISCLOSURE TIMELINE

02/17/2010 Initial vendor notification
02/17/2010 Initial vendor response
02/23/2010 Vendor Fix committed to SVN
03/24/2010 ActiveMQ 5.3.1 publicly released to fix the issue
03/30/2010 Coordinated public disclosure

IX. CREDIT

This vulnerability was reported by Rajat Swarup
(http://www.rajatswarup.com).

X. ACKNOWLEDGEMENT

The author wishes to thank Rob Davies and Dejan Bosanac of Apache
ActiveMQ team for fixing the issues on a high priority.



Arrow  References :

http://www.securityfocus.com/bid/39119
http://activemq.apache.org/activemq-531-release.html
https://issues.apache.org/activemq/browse/AMQ-2625
https://issues.apache.org/activemq/browse/AMQ-2613
http://xforce.iss.net/xforce/xfdb/57397
http://www.securityfocus.com/archive/1/archive/1/510419/100/0/threaded
http://www.rajatswarup.com/CVE-2010-0684.txt
http://securitytracker.com/id?1023778
http://secunia.com/advisories/39223




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.