FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  512420
Date:      2019-09-20
Time:      15:56:44Z
Committer: pi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
950b2d60-f2a9-11e5-b4a9-ac220bdcec59activemq -- Web Console Clickjacking

Michael Furman reports:

The web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console.


Discovery 2016-03-10
Entry 2016-03-25
activemq
lt 5.13.2

http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt
CVE-2016-0734
a6cc5753-f29e-11e5-b4a9-ac220bdcec59activemq -- Web Console Cross-Site Scripting

Vladimir Ivanov (Positive Technologies) reports:

Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues are improper user data output validation and incorrect permissions configured on Jolokia.


Discovery 2016-03-10
Entry 2016-03-25
activemq
lt 5.13.1

http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
CVE-2016-0782