PT-2016-3434 · Apache · Apache Activemq
Hillary Benson +1 · Published 2016-05-24 · Updated 2026-04-07 · CVE-2016-3088
CVSS v2.0: 10 (Critical), vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Apache ActiveMQ versions 5.x through 5.13.x
Description
The issue exists due to insufficient input validation in the Fileserver web application. It allows a remote attacker to upload and execute arbitrary files via an HTTP PUT request followed by an HTTP MOVE request. This can be achieved by sending a PUT request to a vulnerable endpoint, such as /fileserver, and then sending a MOVE request to execute the uploaded file.
Recommendations
For Apache ActiveMQ versions 5.x through 5.13.x, update to version 5.14.0 or later to resolve the issue.
As a temporary workaround, consider disabling the HTTP MOVE method for the Fileserver web application until a patch is available.
Restrict access to the Fileserver web application to minimize the risk of exploitation.
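The PUT-then-MOVE sequence from the description can be hunted for in the broker's HTTP access logs. The following is an added example, not code from this advisory or from Apache ActiveMQ; the NCSA-style log format, the function name find_put_move_sequences and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# NCSA-style access log line (assumed format; adjust to your logger's layout).
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def find_put_move_sequences(lines, prefix="/fileserver"):
    """Return one finding per MOVE request under `prefix`.

    A MOVE preceded by a PUT from the same client under the prefix matches
    the sequence in the description and is rated "high"; any other MOVE
    under the prefix is still reported, rated "review".
    """
    puts = defaultdict(list)  # client -> PUT paths seen so far, in log order
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        path = m["path"].split("?", 1)[0]
        # Match the prefix on a path-segment boundary only.
        if not (path == prefix or path.startswith(prefix + "/")):
            continue
        client = m["client"]
        if m["method"] == "PUT":
            puts[client].append(path)
        elif m["method"] == "MOVE":
            findings.append({
                "line": n, "client": client, "path": path,
                "status": int(m["status"]),
                "prior_puts": list(puts[client]),
                "severity": "high" if puts[client] else "review",
            })
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/May/2016:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [24/May/2016:10:02:11 +0000] "PUT /fileserver/a.txt HTTP/1.1" 204 0',
    '192.0.2.10 - - [24/May/2016:10:02:12 +0000] "PUT /other/a.txt HTTP/1.1" 404 0',
    '198.51.100.7 - - [24/May/2016:10:02:13 +0000] "MOVE /fileserver/a.txt HTTP/1.1" 204 0',
    '203.0.113.5 - - [24/May/2016:10:05:00 +0000] "MOVE /fileserver/b.txt HTTP/1.1" 405 0',
]

if __name__ == "__main__":
    for finding in find_put_move_sequences(SAMPLE_LOG):
        print(finding)
```

The status field in each finding shows whether the server accepted the MOVE, which helps confirm that the workaround of disabling the method is in effect.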
Exploit
Fix
Unrestricted File Upload
RCE
Related Identifiers
Affected Products
Apache Activemq