NVD

Id
17145  
Name
CVE-2016-0782  
Description
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.  
Reject
 
CVSS Version
2  
CVSS Score
3.5  
Severity
Low  
CVSS Base Score
3.5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2016-08-05  
Modified Date
2016-11-28  
Seq
2016-0782  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
95300 17145 CVE-2016-0782 http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt  View
95301 17145 CVE-2016-0782 http://packetstormsecurity.com/files/136215/Apache-ActiveMQ-5.13.0-Cross-Site-Scripting.html  View
95302 17145 CVE-2016-0782 20160310 [ANNOUNCE] CVE-2016-0782: ActiveMQ Web Console - Cross-Site Scripting  View
95303 17145 CVE-2016-0782 RHSA-2016:1424  View
95304 17145 CVE-2016-0782 https://bugzilla.redhat.com/show_bug.cgi?id=1317516  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
3418 JVNDB-2016-004191 Apache ActiveMQ の管理 Web コンソールにおけるクロスサイトスクリプティングの脆弱性 Apache ActiveMQ の管理 Web コンソールには、クロスサイトスクリプティング攻撃を実行され、その結果、Java のメモリダンプから重要な情報を取得される脆弱性が存在します。 CVE-2016-0782 86986 CVE-2016-0782 17145 3.5 5.4 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004191.html 2016-03-14 2016-08-10 View