QwikSec

Security Database

CVE

CWE

Training

CVE-2016-0734

Published: Apr 7, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_SECTRACK

[oss-security] 20160310 [ANNOUNCE] CVE-2016-0734: ActiveMQ Web Console - Clickjacking

mailing-list

x_refsource_MLIST

http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.