CVE-2013-1880

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2013-1029.html
http://www.securityfocus.com/bid/65615
https://bugzilla.redhat.com/show_bug.cgi?id=924447
https://issues.apache.org/jira/browse/AMQ-4398	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:activemq::::::::
	cpe:2.3:a:apache:activemq:5.0.0:::::::*
	cpe:2.3:a:apache:activemq:5.1.0:::::::*
	cpe:2.3:a:apache:activemq:5.2.0:::::::*
	cpe:2.3:a:apache:activemq:5.3.0:::::::*
	cpe:2.3:a:apache:activemq:5.3.1:::::::*
	cpe:2.3:a:apache:activemq:5.3.2:::::::*
	cpe:2.3:a:apache:activemq:5.4.0:::::::*
	cpe:2.3:a:apache:activemq:5.4.1:::::::*
	cpe:2.3:a:apache:activemq:5.4.2:::::::*
	cpe:2.3:a:apache:activemq:5.5.0:::::::*
	cpe:2.3:a:apache:activemq:5.5.1:::::::*
	cpe:2.3:a:apache:activemq:5.6.0:::::::*
	cpe:2.3:a:apache:activemq:5.7.0:::::::*

History

No history.

Information

Published : 2014-02-05 18:55

Updated : 2024-02-04 18:35

NVD link : CVE-2013-1880

Mitre link : CVE-2013-1880

CVE.ORG link : CVE-2013-1880

JSON object : View

Products Affected

apache

activemq

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2013-1880", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-02-05T18:55:06.253", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-1029.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/65615", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=924447", "source": "secalert@redhat.com"}, {"url": "https://issues.apache.org/jira/browse/AMQ-4398", "tags": ["Exploit"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el servlet editor de Portfolio en la aplicaci\u00f3n web demo en Apache ActiveMQ anterior a 5.9.0 permite a atacantes remotos inyectar script Web arbitrario o HTML a trav\u00e9s del par\u00e1metro refresh hacia demo/portfolioPublish, una vulnerabilidad distinta que CVE-2012-6092."}], "lastModified": "2016-11-28T19:08:55.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A6A7D41-EFEB-4C83-991C-49C1B5A5C105", "versionEndIncluding": "5.8.0"}, {"criteria": "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "436F59B9-507A-4B4E-A9F3-022616866151"}, {"criteria": "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F58D9E69-CBF2-4FB6-B062-ED21F83CBCCB"}, {"criteria": "cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05D6EC30-88DC-4424-BF86-D9C0DA5E191C"}, {"criteria": "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82ACD6BA-257F-49D0-8944-0991FB038533"}, {"criteria": "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C43FD7A1-FC03-47BC-B6C6-02C0F1466762"}, {"criteria": "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7A8D571-2925-4F61-B3F0-8F4A3776F6EA"}, {"criteria": "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47B31CD9-A3BB-427C-A631-2E8168DD1985"}, {"criteria": "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B904806-6796-4947-BDF4-EEA5681147E8"}, {"criteria": "cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61B4A1EE-7F62-4602-A102-8AD8E9FD528F"}, {"criteria": "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "623530FC-12E9-480B-AFA0-C19FCFFA5D36"}, {"criteria": "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5755A41-0DBE-4F54-A1C1-4F65DCC6ACD2"}, {"criteria": "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11AADFBF-AC60-4535-892C-BE90BE858172"}, {"criteria": "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC5143E8-B392-4954-9C0D-DD39388B669F"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}