CVE-2010-1587 – org.apache.activemq:activemq-web-console
Package
Manager: maven
Name: org.apache.activemq:activemq-web-console
Vulnerable Version: >=5.0.0 <5.3.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.69946 (percentile 0.98619)
Details
Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
Metadata
Created: 2022-05-14T02:45:01Z
Modified: 2024-03-15T15:22:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v2c9-9m8v-8jjm/GHSA-v2c9-9m8v-8jjm.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-v2c9-9m8v-8jjm
Finding: F184
Auto approve: 1