Vulnerability CVE-2016-3088
Published: 2016-06-01

Description:
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

See advisories in our WLB2 database:
Topic
Author
Date
High
ActiveMQ < 5.14.0 web shell upload
Ian
30.06.2017

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Apache -> Activemq 

 References:
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
http://rhn.redhat.com/errata/RHSA-2016-2036.html
http://www.securitytracker.com/id/1035951
http://www.zerodayinitiative.com/advisories/ZDI-16-356
http://www.zerodayinitiative.com/advisories/ZDI-16-357
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
https://www.exploit-db.com/exploits/42283/
Copyright 2024, cxsecurity.com

 

Back to Top