Description
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Remediation
References
http://www.zerodayinitiative.com/advisories/ZDI-16-356
http://www.securitytracker.com/id/1035951
http://www.zerodayinitiative.com/advisories/ZDI-16-357
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
https://www.exploit-db.com/exploits/42283/
http://rhn.redhat.com/errata/RHSA-2016-2036.html
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E