Vulnerability in Apache Software Foundation Activemq
CVE-2018-8006
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filte…
EPSS: 0.785 (99.1th percentile) — read the EPSS interpretation.
Affected products
- Apache Software Foundation Activemq — versions 5.0.0 to 5.15.5
Public proof-of-concept exploits
References
- activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt (x_refsource_CONFIRM)
- 105156 (vdb-entry, x_refsource_BID)
- [activemq-commits] 20190327 [CONF] Apache ActiveMQ > Security Advisories (mailing-list, x_refsource_MLIST)
- [activemq-dev] 20190327 Re: Website (mailing-list, x_refsource_MLIST)
- [activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/ (mailing-list, x_refsource_MLIST)
- [activemq-dev] 20190328 Re: Website (mailing-list, x_refsource_MLIST)
- [activemq-gitbox] 20191021 [GitHub] [activemq-website] clebertsuconic commented on a change in pull request #17: Fix the ordering in the security advisories page (mailing-list, x_refsource_MLIST)
- [activemq-gitbox] 20191022 [GitHub] [activemq-website] coheigea commented on a change in pull request #17: Fix the ordering in the security advisories page (mailing-list, x_refsource_MLIST)
- [activemq-commits] 20200514 [activemq-website] branch master updated: Publish CVE-2020-1941 security advisory (mailing-list, x_refsource_MLIST)
- [activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947 (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2018-8006?
- CVE-2018-8006 is a vulnerability in Apache Software Foundation Activemq. Published 2018-10-10.
- Is CVE-2018-8006 known to be exploited?
- 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.