Apache ActiveMQ Directory Traversal Flaw Lets Remote Users Upload Files and Execute Arbitrary Code : 8/18/2015 10:38:10 AM
This eBook shows you how common web marketing tactics map to their mobile counterparts, including a "this = that" chart of web to app equivalents. From our sponsors |
| Vulnerability Databse |
| This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text. |
Apache ActiveMQ Directory Traversal Flaw Lets Remote Users Upload Files and Execute Arbitrary Code
8/18/2015 12:00:00 AM
| Apache ActiveMQ Directory Traversal Flaw Lets Remote Users Upload Files and Execute Arbitrary Code |
| SecurityTracker Alert ID: 1033315 |
| SecurityTracker URL: http://securitytracker.com/id/1033315 |
| CVE Reference: CVE-2015-1830 (Links to External Site) |
| Date: Aug 18 2015 |
| Impact: Execution of arbitrary code via network, Modification of system information, User access via network |
| Fix Available: Yes Vendor Confirmed: Yes |
| Version(s): 5.0.0 - 5.11.1 |
| Description: A vulnerability was reported in Apache ActiveMQ. A remote user can upload files to and then execute arbitrary code on the target system. A remote user can exploit a directory traversal flaw in the fileserver upload/download feature used for blob messages to upload a JSP file to the administrative console and then invoke the file to execute arbitrary shell commands. Only Windows-based systems are affected. David Jorm from IIX Product Security reported this vulnerability. |
| Impact: A remote user can upload files to execute arbitrary code on the target system. |
| Solution: The vendor has issued a fix (5.11.2, 5.12.0). The vendor's advisory is available at: http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt |
| Vendor URL: activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt (Links to External Site) |
| Cause: Access control error, Input validation error |
| Underlying OS: Windows (Any) |
| |
| Message History: None. |
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
Diberdayakan oleh Blogger.