PT-2015-2776 · Apache · Apache Activemq
Steven Seeley · Published 2015-08-19 · Updated 2023-02-13 · CVE-2015-1830
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Apache ActiveMQ versions 5.x through 5.11.1
Description
The issue is caused by improper limitation of a pathname to a restricted directory (path traversal) in the file server upload/download functionality of Apache ActiveMQ. This allows a remote attacker to create JSP files in arbitrary directories, potentially leading to remote code execution.
Recommendations
For Apache ActiveMQ versions 5.x through 5.11.1, update to version 5.11.2 or later to resolve the issue.
Exploit
Fix
Path traversal
Affected Products
Apache Activemq