CVE-2010-1244: CSRF
First published: Mon Apr 05 2010(Updated: )
Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache ActiveMQ | =4.1.0 | |
| Apache ActiveMQ | =1.2 | |
| Apache ActiveMQ | =1.5 | |
| Apache ActiveMQ | =3.2.1 | |
| Apache ActiveMQ | =1.3 | |
| Apache ActiveMQ | =3.2 | |
| Apache ActiveMQ | =2.1 | |
| Apache ActiveMQ | =5.2.0 | |
| Apache ActiveMQ | =3.1 | |
| Apache ActiveMQ | <=5.3.0 | |
| Apache ActiveMQ | =1.4 | |
| Apache ActiveMQ | =1.1 | |
| Apache ActiveMQ | =5.0.0 | |
| Apache ActiveMQ | =4.0 | |
| Apache ActiveMQ | =4.0.2 | |
| Apache ActiveMQ | =4.0.1 | |
| Apache ActiveMQ | =3.2.2 | |
| Apache ActiveMQ | =3.0 | |
| Apache ActiveMQ | =5.1.0 | |
| Apache ActiveMQ | =4.0-rc2 | |
| Apache ActiveMQ | =4.1.1 | |
| Apache ActiveMQ | =4.0-m4 | |
| Apache ActiveMQ | =2.0 | |
| maven/org.apache.activemq:activemq-parent | <5.3.1 | 5.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/39223
- http://activemq.apache.org/activemq-531-release.html
- https://issues.apache.org/activemq/browse/AMQ-2625
- https://issues.apache.org/activemq/browse/AMQ-2613
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57398
- https://nvd.nist.gov/vuln/detail/CVE-2010-1244
- https://github.com/apache/activemq/commit/1f464b9412e1b1c08d40c8ffac40edd52731da48
- https://github.com/apache/activemq/commit/f3d4034e2a7cee7b1f88c7e6b0d1d69458e1bcf0
- https://github.com/advisories/GHSA-33j4-8vcr-f79v (Advisory)
Frequently Asked Questions
What is the severity of CVE-2010-1244?
CVE-2010-1244 is classified as a moderate severity vulnerability due to its potential for exploitation through cross-site request forgery.
How do I fix CVE-2010-1244?
To mitigate CVE-2010-1244, upgrade your Apache ActiveMQ installation to version 5.3.1 or later.
What type of vulnerability is CVE-2010-1244?
CVE-2010-1244 is a cross-site request forgery (CSRF) vulnerability.
Which versions of Apache ActiveMQ are affected by CVE-2010-1244?
CVE-2010-1244 affects multiple versions of Apache ActiveMQ prior to 5.3.1.
What is the impact of exploiting CVE-2010-1244?
Exploitation of CVE-2010-1244 allows remote attackers to hijack the authentication of targeted victims, facilitating unauthorized actions such as creating queues.
- collector/github-advisory-latest
- alias/GHSA-33j4-8vcr-f79v
- alias/CVE-2010-1244
- collector/github-advisory
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- package-manager/maven
- vendor/apache
- canonical/apache activemq
- version/apache activemq/5.3.0
- version/apache activemq/1.1
- version/apache activemq/1.2
- version/apache activemq/1.3
- version/apache activemq/1.4
- version/apache activemq/1.5
- version/apache activemq/2.0
- version/apache activemq/2.1
- version/apache activemq/3.0
- version/apache activemq/3.1
- version/apache activemq/3.2
- version/apache activemq/3.2.1
- version/apache activemq/3.2.2
- version/apache activemq/4.0
- version/apache activemq/4.0-m4
- version/apache activemq/4.0-rc2
- version/apache activemq/4.0.1
- version/apache activemq/4.0.2
- version/apache activemq/4.1.0
- version/apache activemq/4.1.1
- version/apache activemq/5.0.0
- version/apache activemq/5.1.0
- version/apache activemq/5.2.0