1
Candidate: CVE-2012-6092
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6092
5
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282
6
https://issues.apache.org/jira/browse/AMQ-4115
7
https://fisheye6.atlassian.com/changelog/activemq?cs=1399577
8
http://activemq.apache.org/activemq-580-release.html
10
Multiple cross-site scripting (XSS) vulnerabilities in the web demos in
11
Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web
12
script or HTML via (1) the refresh parameter to
13
PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data
14
Publisher), or vectors involving (2) debug logs or (3) subscribe messages
15
in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
18
mdeslaur> example code not shipped in Ubuntu/Debian
25
upstream_activemq: needs-triage
28
oneiric_activemq: ignored (reached end-of-life)
29
precise_activemq: not-affected (code not present)
30
quantal_activemq: ignored (reached end-of-life)
31
raring_activemq: ignored (reached end-of-life)
32
saucy_activemq: ignored (reached end-of-life)
33
trusty_activemq: not-affected (code not present)
34
utopic_activemq: ignored (reached end-of-life)
35
vivid_activemq: ignored (reached end-of-life)
36
vivid/stable-phone-overlay_activemq: DNE
37
vivid/ubuntu-core_activemq: DNE
38
wily_activemq: not-affected (code not present)
39
devel_activemq: not-affected (code not present)