Candidate: CVE-2014-8110
PublicDate: 2015-02-12 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8110
 http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt
 http://xforce.iss.net/xforce/xfdb/100724
 http://seclists.org/oss-sec/2015/q1/427
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702670
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in the web based
 administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote
 attackers to inject arbitrary web script or HTML via unspecified vectors.
Ubuntu-Description:
Notes:
 seth-arnold> Debian notes the admin console doesn't work in Debian packages:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702670
Bugs:
Priority: low
Discovered-by: Georgi Geshev
Assigned-to:
CVSS: 

Patches_activemq:
upstream_activemq: released (5.10.1, 5.11.0)
lucid_activemq: DNE
precise_activemq: not-affected (code not present)
trusty_activemq: not-affected (code not present)
trusty/esm_activemq: DNE (trusty was not-affected [code not present])
utopic_activemq: ignored (reached end-of-life)
vivid_activemq: ignored (reached end-of-life)
vivid/stable-phone-overlay_activemq: DNE
vivid/ubuntu-core_activemq: DNE
wily_activemq: not-affected (code not present)
devel_activemq: not-affected (5.13.2+dfsg-2)