[jira] [Commented] (AMQ-5033) webconsole url and html encoding missing

Dejan Bosanac (JIRA) Fri, 06 Feb 2015 03:04:20 -0800

    [ 
https://issues.apache.org/jira/browse/AMQ-5033?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14308977#comment-14308977
 ]


Dejan Bosanac commented on AMQ-5033:
------------------------------------

This issue is related to CVE-2014-8110

The vulnerability was introduced with 
https://fisheye6.atlassian.com/changelog/activemq-git?cs=0c4790bb946127ebb9a153c1fba1e3140917aad6
It's fixed with http://git-wip-us.apache.org/repos/asf/activemq/commit/994d9b26

More information is available at 
http://activemq.apache.org/security-advisories.html

> webconsole url and html encoding missing
> ----------------------------------------
>
>                 Key: AMQ-5033
>                 URL: https://issues.apache.org/jira/browse/AMQ-5033
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: webconsole
>    Affects Versions: 5.9.0
>            Reporter: Arthur Naseef
>            Assignee: Arthur Naseef
>             Fix For: 5.9.1, 5.10.0
>
>
> While working on AMQ-4813, many cases of passing text through to HTML without 
> proper HTML and URL encoding.
> I believe this can cause security risks, failed operations, or a misformatted 
> UI.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (AMQ-5033) webconsole url and html encoding missing

Reply via email to