This page lists publicly disclosed CVE vulnerabilities affecting apache activemq (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2010-1587 | The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp. | [email protected] | 5.0 | 78.02% | 2010-04-28 | 2026-06-16 |
| CVE-2010-1244 | Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action. | [email protected] | 6.8 | 1.07% | 2010-04-05 | 2026-06-16 |
| CVE-2010-0684 | Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. | [email protected] | 3.5 | 4.28% | 2010-04-05 | 2026-06-16 |