Summary
This host is running Apache ActiveMQ and is prone to a source code information disclosure vulnerability.
Impact
Successful exploitation allows an attacker to view the source code of a visited page, which can be used for further attacks.
Impact Level: Application
Solution
Upgrade to ActiveMQ 5.4.0 SNAPSHOT or later. For updates, refer to http://activemq.apache.org/download.html
Workaround:
Apply the workaround described at https://issues.apache.org/activemq/browse/AMQ-2700
Insight
The flaw is caused by improper validation of the URL. Adding '//' after the port in a URL causes the server to disclose the JSP page source.
Affected
Apache ActiveMQ 5.3.1 and prior.
Severity
Classification
- CVE: CVE-2010-1587
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N