CVE-2010-1244

Apache ActiveMQ < 5.3.1 - Cross-Site Request Forgery via JMSDestination Parameter

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39223
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57398

Scores

EPSS 0.0108
EPSS Percentile 61.3%

Details

CWE
CWE-352
Status published
Products (22)
apache/activemq 1.1
apache/activemq 1.2
apache/activemq 1.3
apache/activemq 1.4
apache/activemq 1.5
apache/activemq 2.0
apache/activemq 2.1
apache/activemq 3.0
apache/activemq 3.1
apache/activemq 3.2
... and 12 more
Published Apr 05, 2010
Tracked Since Feb 18, 2026