Synced 19 Jun 2026 07:34 UTC Account
← All products

CVE-2010-1244

MEDIUM severity · CVSS 6.8 · Cross-site request forgery (CSRF)
6.8CVSS MEDIUM

Summary

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Impact & exploitability

Attack vectorNetwork
Attack complexity
Privileges required
User interaction
Confidentiality impact
Integrity impact
Availability impact
Exploit probability (EPSS)1%

AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected products we track (1)

ActiveMQ

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: http://activemq.apache.org/activemq-531-release.html ↗

Additional information