header-logo
Suggest Exploit
vendor:
Apache ActiveMQ
by:
5.5
CVSS
MEDIUM
Source Code Disclosure
CWE
Product Name: Apache ActiveMQ
Affected Version From: 5.3.2001
Affected Version To: 5.3.2001
Patch Exists: NO
Related CWE:
CPE: a:apache:activemq:5.3.1
Metasploit:
Other Scripts:
Platforms Tested:

Apache ActiveMQ Source Code Disclosure Vulnerability

The vulnerability allows attackers to access source code by exploiting the lack of proper sanitization of user-supplied input in Apache ActiveMQ. By exploiting this vulnerability, an attacker can retrieve arbitrary files from the vulnerable computer in the context of the webserver process, potentially aiding in further attacks.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/39636/info

Apache ActiveMQ is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.

Apache ActiveMQ 5.3.1 and prior are vulnerable.

NOTE: This vulnerability may be related to BID 27117 (Jetty Double Slash URI Information Disclosure Vulnerability).

http://www.example.com:8161//admin/index.jsp
http://www.example.com:8161//admin/queues.jsp
http://www.example.com:8161//admin/topics.jsp