CVE-2016-3088 – org.apache.activemq:activemq-client

Package

Manager: maven
Name: org.apache.activemq:activemq-client
Vulnerable Version: >=5.0.0 <5.14.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.9429 pctl0.99933

Details

Improper Input Validation in Apache ActiveMQ The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Metadata

Created: 2022-05-14T01:14:51Z
Modified: 2024-07-25T13:38:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rxqh-fc23-gxp2/GHSA-rxqh-fc23-gxp2.json
CWE IDs: ["CWE-20", "CWE-434"]
Alternative ID: GHSA-rxqh-fc23-gxp2
Finding: F027
Auto approve: 1