FreeBSD : activemq -- Web Console XSS (a6cc5753-f29e-11e5-b4a9-ac220bdcec59)
Low Nessus Plugin ID 90236
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Vladimir Ivanov (Positive Technologies) reports:
Several instances of cross-site scripting vulnerabilities were identified to be present in the web-based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root causes of these issues are improper user data output validation and incorrect permissions configured on Jolokia.
Solution
Update the affected package.