CVE-2016-0734: ActiveMQ Web Console - Clickjacking Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache ActiveMQ 5.0.0 - 5.13.1 Description: The web based administration console does not set the X-Frame-Options header in HTTP responses. This allows the console to be embedded in a frame or iframe which could then be used to cause a user to perform an unintended action in the console. Mitigation: Upgrade to Apache ActiveMQ 5.13.2 Credit: This issue was discovered by Michael Furman