Home > Vulnerability Database > CVE-2010-1244

Mend.io Vulnerability Database

CVE-2010-1244

Good to know:

Date: April 5, 2010

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

Language: Java

Severity Score

4.8

Related Resources (10)

Url: https://issues.apache.org/activemq/browse/AMQ-2625

Url: https://issues.apache.org/activemq/browse/AMQ-2613

Url: https://github.com/apache/activemq/commit/1f464b9412e1b1c08d40c8ffac40edd52731da48

Url: https://github.com/apache/activemq

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/57398

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-1244

Url: http://activemq.apache.org/activemq-531-release.html

Url: https://github.com/apache/activemq/commit/f3d4034e2a7cee7b1f88c7e6b0d1d69458e1bcf0

Url: http://secunia.com/advisories/39223

Url: https://www.mend.io/vulnerability-database/CVE-2010-1244

Severity Score

4.8

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version 5.3.1

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-1244

Good to know:

Date: April 5, 2010

Language: Java

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?