CRITICAL 9.8 Maven KEV
Improper Input Validation in Apache ActiveMQ
GHSA-rxqh-fc23-gxp2 · CVE-2016-3088
Published · Modified
Description
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
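A defender-side check for the request sequence described above, as an added example that is not part of the advisory or of ActiveMQ: it scans a web access log for a client that issues a PUT and later a MOVE on the same Fileserver path. The `/fileserver/` prefix, the NCSA-style log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the Fileserver web application is mounted at this prefix.
FILESERVER_PREFIX = "/fileserver/"

# NCSA common log format: host ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jun/2016:10:00:01 +0000] "GET /admin/ HTTP/1.1" 401 0
198.51.100.7 - - [01/Jun/2016:10:00:05 +0000] "PUT /fileserver/a.txt HTTP/1.1" 204 0
203.0.113.9 - - [01/Jun/2016:10:00:06 +0000] "PUT /fileserver/report.csv HTTP/1.1" 204 0
198.51.100.7 - - [01/Jun/2016:10:00:09 +0000] "MOVE /fileserver/a.txt HTTP/1.1" 204 0
203.0.113.9 - - [01/Jun/2016:10:00:12 +0000] "MOVE /fileserver/other.csv HTTP/1.1" 404 0
this line is malformed and is skipped
"""


def find_put_then_move(log_text, prefix=FILESERVER_PREFIX):
    """Return (client, path, put_time, move_time, move_status) for every MOVE
    on a Fileserver path that the same client had PUT earlier in the log."""
    uploads = defaultdict(dict)  # client -> {path: timestamp of the PUT}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue  # unparseable line or request outside the Fileserver app
        client, path = m["client"], m["path"]
        if m["method"] == "PUT":
            uploads[client][path] = m["ts"]
        elif m["method"] == "MOVE" and path in uploads[client]:
            # Failed attempts are reported too; the status tells them apart.
            findings.append((client, path, uploads[client][path],
                             m["ts"], m["status"]))
    return findings


if __name__ == "__main__":
    for client, path, put_ts, move_ts, status in find_put_then_move(SAMPLE_LOG):
        print(f"{client}: PUT {put_ts}, MOVE {move_ts} ({status}) on {path}")
```

A hit is a lead for triage rather than proof of compromise; on releases from 5.14.0 onward the same pattern in a log still indicates probing.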
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-3088
- WEB https://github.com/apache/activemq/commit/3dd86d04e8b90ba309819317d19e7260d414d9e7
- WEB https://issues.apache.org/jira/browse/AMQ-6276
- WEB https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a@%3Cusers.activemq.apache.org%3E
- WEB https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
- WEB https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
- WEB https://stackoverflow.com/questions/67140241/configuring-activemq-webconsole-to-redirect-http-to-https
- WEB https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3088
- WEB https://www.exploit-db.com/exploits/42283
- WEB http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
- WEB http://rhn.redhat.com/errata/RHSA-2016-2036.html
- WEB http://www.securitytracker.com/id/1035951
- WEB http://www.zerodayinitiative.com/advisories/ZDI-16-356
- WEB http://www.zerodayinitiative.com/advisories/ZDI-16-357