Ian Anderson

#22573 of 53,638
10 CVSS total
Vulnerabilities · 1
PT-2016-3434
10
2016-05-24
Apache · Apache Activemq · CVE-2016-3088
**Name of the Vulnerable Software and Affected Versions**

Apache ActiveMQ versions 5.x through 5.13.x

**Description**

The issue exists due to insufficient input validation in the Fileserver web application. It allows a remote attacker to upload and execute arbitrary files via an HTTP PUT request followed by an HTTP MOVE request. This can be achieved by sending a `PUT` request to a vulnerable endpoint, such as `/fileserver`, and then sending a `MOVE` request to execute the uploaded file.

**Recommendations**

For Apache ActiveMQ versions 5.x through 5.13.x, update to version 5.14.0 or later to resolve the issue. As a temporary workaround, consider disabling the HTTP MOVE method for the Fileserver web application until a patch is available. Restrict access to the Fileserver web application to minimize the risk of exploitation.