Description
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Remediation
References
http://www.zerodayinitiative.com/advisories/ZDI-16-356
http://www.securitytracker.com/id/1035951
http://www.zerodayinitiative.com/advisories/ZDI-16-357
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
https://www.exploit-db.com/exploits/42283/
http://rhn.redhat.com/errata/RHSA-2016-2036.html
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E