CVE-2018-8006

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-8006
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8006.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-8006
Aliases
Related
Published
2018-10-10T14:29:00Z
Modified
2024-09-02T23:31:18Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.

References

Affected packages

Debian:11 / activemq

Package

Name
activemq
Purl
pkg:deb/debian/activemq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.6-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:12 / activemq

Package

Name
activemq
Purl
pkg:deb/debian/activemq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.6-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:13 / activemq

Package

Name
activemq
Purl
pkg:deb/debian/activemq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.6-1

Ecosystem specific 

{
    "urgency": "unimportant"
}

Git / github.com/apache/activemq

Affected ranges

Type
GIT
Repo
https://github.com/apache/activemq
Events
Introduced
38fcc0ce0178d4a6870aa4f68e2b565c1ad0aa6f
Last affected
22ace0463970445421e02ac2325354cf27b1b634