Lucene search

GitHub Advisory DatabaseGHSA-RXQH-FC23-GXP2

HistoryMay 14, 2022 - 1:14 a.m.

Improper Input Validation in Apache ActiveMQ

2022-05-1401:14:51

CWE-20

GitHub Advisory Database

github.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.84 High

EPSS

Percentile

98.5%

JSON

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Affected configurations

Vulners

Node

org.apache.activemq\activemqMatchclient

CPENameOperatorVersion
org.apache.activemq:activemq-clientlt5.14.0

CPE	Name	Operator	Version
	org.apache.activemq:activemq-client	lt	5.14.0

References

activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt

rhn.redhat.com/errata/RHSA-2016-2036.html

www.securitytracker.com/id/1035951

www.zerodayinitiative.com/advisories/ZDI-16-356

www.zerodayinitiative.com/advisories/ZDI-16-357

github.com/advisories/GHSA-rxqh-fc23-gxp2

github.com/apache/activemq/commit/3dd86d04e8b90ba309819317d19e7260d414d9e7

issues.apache.org/jira/browse/AMQ-6276

lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a@%3Cusers.activemq.apache.org%3E

lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2016-3088

stackoverflow.com/questions/67140241/configuring-activemq-webconsole-to-redirect-http-to-https

www.exploit-db.com/exploits/42283/

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.84 High

EPSS

Percentile

98.5%

JSON

Related for GHSA-RXQH-FC23-GXP2