CVE-2010-1244
Apache ActiveMQ < 5.3.1 - Cross-Site Request Forgery via JMSDestination Parameter
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
References (5)
Core 5
Core References
Exploit x_refsource_confirm
https://issues.apache.org/activemq/browse/AMQ-2613
Patch x_refsource_confirm
http://activemq.apache.org/activemq-531-release.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39223
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57398
Exploit x_refsource_confirm
https://issues.apache.org/activemq/browse/AMQ-2625
Scores
EPSS
0.0108
EPSS Percentile
61.3%
Details
CWE
CWE-352
Status
published
Products (22)
apache/activemq
1.1
apache/activemq
1.2
apache/activemq
1.3
apache/activemq
1.4
apache/activemq
1.5
apache/activemq
2.0
apache/activemq
2.1
apache/activemq
3.0
apache/activemq
3.1
apache/activemq
3.2
... and 12 more
Published
Apr 05, 2010
Tracked Since
Feb 18, 2026