Apache ActiveMQ Web Console Test Pages Information Disclosure

medium Nessus Plugin ID 45553

Synopsis

A web application running on the remote host is leaking information.

Description

The Apache ActiveMQ Web Console running on the remote host is leaking information via its test pages. The ActiveMQ Web Console allows unrestricted, unauthenticated access by default, and the test pages are used for testing the environment and web framework.

One of the included test pages, 'systemProperties.jsp', displays information about the ActiveMQ installation and the system it is running on, which a remote attacker can use to mount further attacks.

Solution

Restrict access to the ActiveMQ Web Console.

See Also

http://activemq.apache.org/web-console.html

Plugin Details

Severity: Medium

ID: 45553

File Name: activemq_test_pages_info_leak.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 4/16/2010

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

CVSS Score Rationale: Score based on internal evaluation of the vulnerability by Tenable.

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

Vulnerability Information

CPE: cpe:/a:apache:activemq

Required KB Items: installed_sw/Apache ActiveMQ

Excluded KB Items: Settings/disable_cgi_scanning