What is CVE-2014-8110?

CVE-2014-8110 is a vulnerability in Apache ActiveMQ that allows remote attackers to execute script in a victim's web browser.

How severe is CVE-2014-8110?

CVE-2014-8110 has a severity rating of 4.3 (medium).

What software versions are affected by CVE-2014-8110?

CVE-2014-8110 affects Apache ActiveMQ versions 5.0.0 to 5.10.0.

How can CVE-2014-8110 be exploited?

CVE-2014-8110 can be exploited by using a specially-crafted URL to execute script in a victim's web browser.

Are there any references for CVE-2014-8110?

Yes, you can find references for CVE-2014-8110 in the following documents: [1] [2] [3].

Vulnerability/
CVE-2014-8110

medium

4.3

CWE

12/2/2015

14/5/2022

6/8/2024

CVE-2014-8110: XSS

First published: Thu Feb 12 2015(Updated: )

Apache ActiveMQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
IBM Security Directory Suite VA	<=8.0.1-8.0.1.19
Apache ActiveMQ	=5.0.0
Apache ActiveMQ	=5.1.0
Apache ActiveMQ	=5.2.0
Apache ActiveMQ	=5.3.0
Apache ActiveMQ	=5.3.1
Apache ActiveMQ	=5.3.2
Apache ActiveMQ	=5.4.0
Apache ActiveMQ	=5.4.1
Apache ActiveMQ	=5.4.2
Apache ActiveMQ	=5.4.3
Apache ActiveMQ	=5.5.0
Apache ActiveMQ	=5.5.1
Apache ActiveMQ	=5.6.0
Apache ActiveMQ	=5.7.0
Apache ActiveMQ	=5.8.0
Apache ActiveMQ	=5.9.0
Apache ActiveMQ	=5.9.1
Apache ActiveMQ	=5.10.0
maven/org.apache.activemq:activemq-client	>=5.0.0<5.10.1	5.10.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7001693

Frequently Asked Questions

What is CVE-2014-8110?
CVE-2014-8110 is a vulnerability in Apache ActiveMQ that allows remote attackers to execute script in a victim's web browser.
How severe is CVE-2014-8110?
CVE-2014-8110 has a severity rating of 4.3 (medium).
What software versions are affected by CVE-2014-8110?
CVE-2014-8110 affects Apache ActiveMQ versions 5.0.0 to 5.10.0.
How can CVE-2014-8110 be exploited?
CVE-2014-8110 can be exploited by using a specially-crafted URL to execute script in a victim's web browser.
Are there any references for CVE-2014-8110?
Yes, you can find references for CVE-2014-8110 in the following documents: [1] [2] [3].

collector/nvd-index
agent/type
agent/severity
agent/weakness
agent/author
agent/description
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/softwarecombine
collector/github-advisory-latest
source/GitHub
alias/GHSA-9cvr-8xq4-2m73
alias/CVE-2014-8110
agent/references
collector/github-advisory
collector/ibm-support
source/IBM
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
agent/first-publish-date
agent/trending
vendor/apache
canonical/apache activemq
version/apache activemq/5.0.0
version/apache activemq/5.1.0
version/apache activemq/5.2.0
version/apache activemq/5.3.0
version/apache activemq/5.3.1
version/apache activemq/5.3.2
version/apache activemq/5.4.0
version/apache activemq/5.4.1
version/apache activemq/5.4.2
version/apache activemq/5.4.3
version/apache activemq/5.5.0
version/apache activemq/5.5.1
version/apache activemq/5.6.0
version/apache activemq/5.7.0
version/apache activemq/5.8.0
version/apache activemq/5.9.0
version/apache activemq/5.9.1
version/apache activemq/5.10.0
package-manager/maven
vendor/ibm
canonical/ibm security directory suite va
version/ibm security directory suite va/8.0.1-8.0.1.19