CVE-2016-0734

Source
https://cve.org/CVERecord?id=CVE-2016-0734
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0734.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-0734
Aliases
Published
2016-04-07T19:59:01.367Z
Modified
2026-07-08T12:36:13.784783Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

References

Affected packages

Git / github.com/apache/activemq

Affected ranges

Type
GIT
Repo
https://github.com/apache/activemq
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.11.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.12.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.12.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.12.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:activemq:5.13.0:*:*:*:*:*:*:*"
    ],
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "5.0.0"
        },
        {
            "last_affected": "5.0.0"
        },
        {
            "introduced": "5.1.0"
        },
        {
            "last_affected": "5.1.0"
        },
        {
            "introduced": "5.2.0"
        },
        {
            "last_affected": "5.2.0"
        },
        {
            "introduced": "5.3.0"
        },
        {
            "last_affected": "5.3.0"
        },
        {
            "introduced": "5.3.1"
        },
        {
            "last_affected": "5.3.1"
        },
        {
            "introduced": "5.3.2"
        },
        {
            "last_affected": "5.3.2"
        },
        {
            "introduced": "5.4.0"
        },
        {
            "last_affected": "5.4.0"
        },
        {
            "introduced": "5.4.1"
        },
        {
            "last_affected": "5.4.1"
        },
        {
            "introduced": "5.4.2"
        },
        {
            "last_affected": "5.4.2"
        },
        {
            "introduced": "5.4.3"
        },
        {
            "last_affected": "5.4.3"
        },
        {
            "introduced": "5.5.0"
        },
        {
            "last_affected": "5.5.0"
        },
        {
            "introduced": "5.5.1"
        },
        {
            "last_affected": "5.5.1"
        },
        {
            "introduced": "5.6.0"
        },
        {
            "last_affected": "5.6.0"
        },
        {
            "introduced": "5.7.0"
        },
        {
            "last_affected": "5.7.0"
        },
        {
            "introduced": "5.8.0"
        },
        {
            "last_affected": "5.8.0"
        },
        {
            "introduced": "5.9.0"
        },
        {
            "last_affected": "5.9.0"
        },
        {
            "introduced": "5.9.1"
        },
        {
            "last_affected": "5.9.1"
        },
        {
            "introduced": "5.10.0"
        },
        {
            "last_affected": "5.10.0"
        },
        {
            "introduced": "5.10.1"
        },
        {
            "last_affected": "5.10.1"
        },
        {
            "introduced": "5.10.2"
        },
        {
            "last_affected": "5.10.2"
        },
        {
            "introduced": "5.11.0"
        },
        {
            "last_affected": "5.11.0"
        },
        {
            "introduced": "5.11.1"
        },
        {
            "last_affected": "5.11.1"
        },
        {
            "introduced": "5.11.2"
        },
        {
            "last_affected": "5.11.2"
        },
        {
            "introduced": "5.12.0"
        },
        {
            "last_affected": "5.12.0"
        },
        {
            "introduced": "5.12.1"
        },
        {
            "last_affected": "5.12.1"
        },
        {
            "introduced": "5.12.2"
        },
        {
            "last_affected": "5.12.2"
        },
        {
            "introduced": "5.13.0"
        },
        {
            "last_affected": "5.13.0"
        }
    ]
}

Affected versions

5.*
5.0.0
5.1.0
5.10.0
5.10.1
5.10.2
5.11.0
5.11.1
5.11.2
5.12.0
5.12.1
5.12.2
5.13.0
5.2.0
5.3.0
5.3.1
5.3.2
5.4.0
5.4.1
5.4.2
5.4.3
5.5.0
5.5.1
5.6.0
5.7.0
5.8.0
5.9.0
5.9.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0734.json"