CVE-2016-0734
Last modified
CVE-2016-0734 is a vulnerability of currently unknown severity. The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.. EPSS estimates a 8.32% chance of exploitation in the next 30 days.
Description
The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Activemq | 5.0.0 |
| Apache | Activemq | 5.1.0 |
| Apache | Activemq | 5.2.0 |
| Apache | Activemq | 5.3.0 |
| Apache | Activemq | 5.3.1 |
| Apache | Activemq | 5.3.2 |
| Apache | Activemq | 5.4.0 |
| Apache | Activemq | 5.4.1 |
| Apache | Activemq | 5.4.2 |
| Apache | Activemq | 5.4.3 |
| Apache | Activemq | 5.5.0 |
| Apache | Activemq | 5.5.1 |
| Apache | Activemq | 5.6.0 |
| Apache | Activemq | 5.7.0 |
| Apache | Activemq | 5.8.0 |
| Apache | Activemq | 5.9.0 |
| Apache | Activemq | 5.9.1 |
| Apache | Activemq | 5.10.0 |
| Apache | Activemq | 5.10.1 |
| Apache | Activemq | 5.10.2 |
| Apache | Activemq | 5.11.0 |
| Apache | Activemq | 5.11.1 |
| Apache | Activemq | 5.11.2 |
| Apache | Activemq | 5.12.0 |
| Apache | Activemq | 5.12.1 |
| Apache | Activemq | 5.12.2 |
| Apache | Activemq | 5.13.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-0734?
How severe is CVE-2016-0734?
How do I fix CVE-2016-0734?
Are you affected by CVE-2016-0734?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST