FreeBSD : activemq -- Web Console XSS (a6cc5753-f29e-11e5-b4a9-ac220bdcec59)

Low Nessus Plugin ID 90236


The remote FreeBSD host is missing a security-related update.


Vladimir Ivanov (Positive Technologies) reports:

Several instances of cross-site scripting vulnerabilities were identified to be present in the web-based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root causes of these issues are improper user data output validation and incorrect permissions configured on Jolokia.


Update the affected package.

Plugin Details

Severity: Low

ID: 90236

File Name: freebsd_pkg_a6cc5753f29e11e5b4a9ac220bdcec59.nasl

Version: $Revision: 2.7 $

Type: local

Published: 2016/03/28

Modified: 2016/12/19

Dependencies: 12634

Risk Information

Risk Factor: Low


CVSS v2 Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N


CVSS v3.0 Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:activemq, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/03/25

Vulnerability Publication Date: 2016/03/10

Reference Information

CVE: CVE-2016-0782