CVE-2018-8006
MEDIUM EXPLOITED NUCLEIApache ActiveMQ 5.0.0-5.15.5 - Cross-Site Scripting via QueueFilter Parameter
Title source: llmExploitation Summary
CVE-2018-8006 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.
Nuclei Templates (1)
Apache ActiveMQ <=5.15.5 - Cross-Site Scripting
MEDIUMby pdteam
Shodan:
cpe:"cpe:2.3:a:apache:activemq" || product:"activemq openwire transport"
References (10)
Core 10
Core References
Vendor Advisory x_refsource_confirm
http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105156
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2%40%3Cgitbox.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814%40%3Cgitbox.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
Scores
CVSS v3
6.1
EPSS
0.5750
EPSS Percentile
99.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2023-12-05
CWE
CWE-79
Status
published
Products (2)
apache/activemq
5.0.0 - 5.15.5
org.apache.activemq/activemq-web-console
5.0.0 - 5.15.6Maven
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026