Summary
This host is running Apache ActiveMQ and is prone to a source code information disclosure vulnerability.
Impact
Successful exploitation allows an attacker to view the source code of a visited page, which can be used for further attacks.
Impact Level: Application
Solution
Upgrade to the latest version of ActiveMQ 5.4.0 SNAPSHOT or later. For updates, refer to http://activemq.apache.org/download.html
Workaround:
Apply the workaround described at this link:
https://issues.apache.org/activemq/browse/AMQ-2700
Insight
The flaw is caused by improper validation of the URL. Adding '//' after the port in a URL causes the server to disclose the JSP page source.
Affected
Apache ActiveMQ 5.3.1 and prior.
References
Severity
Classification
- CVE: CVE-2010-1587
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Web Server ETag Header Information Disclosure Weakness
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- Ampache Reflected Cross Site Scripting Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure