Return-Path: Delivered-To: apmail-activemq-dev-archive@www.apache.org Received: (qmail 53287 invoked from network); 24 Feb 2010 03:49:02 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 24 Feb 2010 03:49:02 -0000 Received: (qmail 88464 invoked by uid 500); 24 Feb 2010 03:49:02 -0000 Delivered-To: apmail-activemq-dev-archive@activemq.apache.org Received: (qmail 88373 invoked by uid 500); 24 Feb 2010 03:49:02 -0000 Mailing-List: contact dev-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list dev@activemq.apache.org Received: (qmail 88363 invoked by uid 99); 24 Feb 2010 03:49:01 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Feb 2010 03:49:01 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 24 Feb 2010 03:49:01 +0000 Received: from brutus.apache.org (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 2A8BE29A0013 for ; Tue, 23 Feb 2010 19:48:41 -0800 (PST) Message-ID: <1881192136.9971266983321172.JavaMail.jira@brutus.apache.org> Date: Wed, 24 Feb 2010 03:48:41 +0000 (UTC) From: "Rajat Swarup (JIRA)" To: dev@activemq.apache.org Subject: [jira] Updated: (AMQ-2613) Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter] In-Reply-To: <823914169.2221266434560069.JavaMail.jira@brutus.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: ae95407df07c98740808b2ef9da0087c [ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Rajat Swarup updated AMQ-2613: ------------------------------ Description: GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link. I do not know the affected version information yet. Is there some way I can find it? Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess). ---- CVE Identifier issued for this: CVE-2010-0684 was: GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link. I do not know the affected version information yet. Is there some way I can find it? Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess). > Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter] > --------------------------------------------------------------------------------------- > > Key: AMQ-2613 > URL: https://issues.apache.org/activemq/browse/AMQ-2613 > Project: ActiveMQ > Issue Type: Bug > Affects Versions: 5.3.0 > Environment: Linux environment. > Reporter: Rajat Swarup > Assignee: Dejan Bosanac > Priority: Critical > Fix For: 5.3.1, 5.4.0 > > > GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E > This GET request creates a queue name that has malformed queue name due to lack of input validation. After sending this request a sample of the effect can be seen by browsing to /queues.jsp and clicking on the "Home" link. > I do not know the affected version information yet. Is there some way I can find it? > Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more critical bug than XSRF (at least at this point for me I guess). > ---- > CVE Identifier issued for this: > CVE-2010-0684 -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.