Apache ActiveMQ Blob Message Directory Traversal

medium Nessus Plugin ID 85580

Synopsis

A web application on the remote host is affected by a directory traversal vulnerability.

Description

The version of Apache ActiveMQ running on the remote host is affected by a directory traversal vulnerability due to improper sanitization of user-supplied input in the fileserver upload and download functionality. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to read and upload arbitrary JSP files, resulting in the execution of arbitrary commands.

Solution

Upgrade to Apache ActiveMQ 5.11.2 / 5.12.0 or later. Alternatively, apply the vendor recommended mitigation instructions.

See Also

http://www.nessus.org/u?ed82104f

Plugin Details

Severity: Medium

ID: 85580

File Name: activemq_fileserver_directory_traversal.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 8/21/2015

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2015-1830

Vulnerability Information

CPE: cpe:/a:apache:activemq

Required KB Items: installed_sw/Apache ActiveMQ

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/17/2015

Vulnerability Publication Date: 8/17/2015

Exploitable With

Core Impact

Reference Information

CVE: CVE-2015-1830