Описание
Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-1830
- https://github.com/apache/activemq/commit/729c4731574ffffaf58ebefdbaeb3bd19ed1c7b7
- https://github.com/apache/activemq/commit/9fd5cb7dfe0fcc431f99d5e14206e0090e72f36b
- https://github.com/apache/activemq
- https://issues.apache.org/jira/browse/AMQ-5754
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
- https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
- http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt
- http://packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html
- http://www.securityfocus.com/bid/76452
- http://www.securitytracker.com/id/1033315
- http://www.zerodayinitiative.com/advisories/ZDI-15-407
Пакеты
org.apache.activemq:activemq-client
>= 5.0.0, <= 5.11.1
5.11.2
Связанные уязвимости
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
Directory traversal vulnerability in the fileserver upload/download fu ...
Уязвимость программной платформы Apache ActiveMQ, позволяющая нарушителю создавать JSP-файлы в произвольных директориях