FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
950b2d60-f2a9-11e5-b4a9-ac220bdcec59activemq -- Web Console Clickjacking

Michael Furman reports:

The web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console.

Discovery 2016-03-10
Entry 2016-03-25
lt 5.13.2
a6cc5753-f29e-11e5-b4a9-ac220bdcec59activemq -- Web Console Cross-Site Scripting

Vladimir Ivanov (Positive Technologies) reports:

Several instances of cross-site scripting vulnerabilities were identified to be present in the web based administration console as well as the ability to trigger a Java memory dump into an arbitrary folder. The root cause of these issues are improper user data output validation and incorrect permissions configured on Jolokia.

Discovery 2016-03-10
Entry 2016-03-25
lt 5.13.1