activemq-dev mailing list archives

From "Dejan Bosanac (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (AMQ-2613) Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
Date Tue, 23 Feb 2010 15:42:40 GMT

     [ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dejan Bosanac resolved AMQ-2613.
--------------------------------

       Resolution: Fixed
    Fix Version/s: 5.4.0
                   5.3.1

Fixed with svn revision 915384 and merged into 5.3 branch.

The web console should now be immune to XSS and CSRF attacks. The former are fixed by sanitizing
the output. The CSRF attacks are prevented by sending a secret to the form and checking it
before modifying results. Also, the POST method is forced where it is applicable.


> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
>                 Key: AMQ-2613
>                 URL: https://issues.apache.org/activemq/browse/AMQ-2613
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.3.0
>         Environment: Linux environment.
>            Reporter: Rajat Swarup
>            Assignee: Dejan Bosanac
>            Priority: Critical
>             Fix For: 5.3.1, 5.4.0
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue name that has a malformed queue name due to lack of input
> validation.  After sending this request a sample of the effect can be seen by browsing to
> /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet.  Is there some way I can find it?
>
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more
> critical bug than XSRF (at least at this point for me I guess).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
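The two controls described in the resolution (output sanitizing for the stored destination name, and a per-session secret checked before any modifying action with POST enforced), as an added illustration that is not ActiveMQ's own web console code. The function and parameter names (`render_queue_link`, `create_destination`, the `secret` form field) are assumptions made for this example; the query string is the one from the report.

```python
import html
import hmac
import secrets
from urllib.parse import parse_qs, quote

# Constructed sample: the URL-decoded JMSDestination value from the report above.
PAYLOAD = '"><script>alert("persistent XSS")</script>'


def render_queue_link_unsafe(name: str) -> str:
    """Pre-fix behaviour: the stored queue name is interpolated verbatim into the
    queues page, so a name containing markup is replayed to every later visitor."""
    return f'<a href="browse.jsp?JMSDestination={name}">{name}</a>'


def render_queue_link(name: str) -> str:
    """Post-fix behaviour: HTML-escape the name for the text/attribute context and
    percent-encode the copy that goes into the URL, so markup in the name is inert."""
    return (f'<a href="browse.jsp?JMSDestination={quote(name, safe="")}">'
            f'{html.escape(name, quote=True)}</a>')


def issue_secret(session: dict) -> str:
    """Assumed hypothetical helper: store a random per-session secret that the
    console embeds in its forms and that every modifying request must echo back."""
    session.setdefault("secret", secrets.token_urlsafe(32))
    return session["secret"]


def create_destination(method: str, query: str, session: dict, store: list) -> tuple[int, str]:
    """Assumed hypothetical handler for createDestination.action: refuse GET, verify
    the form secret in constant time, and only then persist the name and render it."""
    if method != "POST":
        return 405, "POST required for state-changing actions"
    params = parse_qs(query)
    expected = session.get("secret", "")
    supplied = params.get("secret", [""])[0]
    if not expected or not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "missing or invalid form secret (possible CSRF)"
    name = params.get("JMSDestination", [""])[0]
    if not name:
        return 400, "JMSDestination is required"
    store.append(name)            # the name is stored as-is; safety comes from output encoding
    return 200, render_queue_link(name)
```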

