activemq-dev mailing list archives

From "Romain Wartel (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AMQ-2613) Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
Date Wed, 07 Apr 2010 12:15:15 GMT

    [ https://issues.apache.org/activemq/browse/AMQ-2613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58696#action_58696 ]

Romain Wartel commented on AMQ-2613:
------------------------------------

Joe is correct.

Also, for the permanent XSS, "correlation ID" is not the only vulnerable variable. "Reply To",
"Type", etc. are vulnerable.

It is important to sanitise user input in general, not just for the variables that are being
reported here.

> Persistent Cross-site Scripting in /createDesitnation.action [JMSDestination parameter]
> ---------------------------------------------------------------------------------------
>
>                 Key: AMQ-2613
>                 URL: https://issues.apache.org/activemq/browse/AMQ-2613
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.3.0
>         Environment: Linux environment.
>            Reporter: Rajat Swarup
>            Assignee: Dejan Bosanac
>            Priority: Critical
>             Fix For: 5.3.1, 5.4.0
>
>
> GET /createDestination.action?JMSDestinationType=queue&JMSDestination=%22%3E%3Cscript%3Ealert%28%22persistent%20XSS%22%29%3C%2fscript%3E
> This GET request creates a queue with a malformed queue name due to lack of input
> validation.  After sending this request a sample of the effect can be seen by browsing to
> /queues.jsp and clicking on the "Home" link.
> I do not know the affected version information yet.  Is there some way I can find it?
>
> Additionally, this is vulnerable to cross-site request forgery as well but XSS is a more
> critical bug than XSRF (at least at this point for me I guess).
> ----
> CVE Identifier issued for this:
> CVE-2010-0684

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

