CVE-2016-3088

Опубликовано: 01 июн. 2016

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Критический

Описание

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Ссылки

http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-2036.html
Third Party Advisory
http://www.securitytracker.com/id/1035951
Broken Link
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-356
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-357
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
Issue Tracking
Mailing List
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
Mailing List
Vendor Advisory
https://www.exploit-db.com/exploits/42283/
Exploit
Third Party Advisory
VDB Entry
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2016-2036.html
Third Party Advisory
http://www.securitytracker.com/id/1035951
Broken Link
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-356
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-357
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Mailing List
Patch
https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
Issue Tracking
Mailing List
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
Mailing List
Vendor Advisory
https://www.exploit-db.com/exploits/42283/
Exploit
Third Party Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3088

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 5.14.0 (исключая)

EPSS

Процентиль: 100%

0.94294

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

CVE-2016-3088

CVSS3: 9.8

ubuntu

больше 9 лет назад

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

CVE-2016-3088

redhat

больше 9 лет назад

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

CVE-2016-3088

CVSS3: 9.8

debian

больше 9 лет назад

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 al ...

GHSA-rxqh-fc23-gxp2

CVSS3: 9.8

github

больше 3 лет назад

Improper Input Validation in Apache ActiveMQ

BDU:2022-04782

CVSS3: 9.8

fstec

больше 9 лет назад

Уязвимость приложения Fileserver программной платформы Apache ActiveMQ, позволяющая нарушителю загрузить и выполнить произвольный файл

EPSS

Процентиль: 100%

0.94294

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434