CVE-2018-8006

moderate-risk

Published 2018-10-10

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.

Do I need to act?

79.9% chance of exploitation in next 30 days

EPSS score — higher than 20% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Activemq

Affected Vendors

Apache

References (20)

Vendor Advisory http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.t...

Third Party Advisory http://www.securityfocus.com/bid/105156

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23...

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966...

https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac...

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65...

https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f6072820...

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e...

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574...

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675...