Description
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Remediation
References
http://www.zerodayinitiative.com/advisories/ZDI-16-356
http://www.securitytracker.com/id/1035951
http://www.zerodayinitiative.com/advisories/ZDI-16-357
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
https://www.exploit-db.com/exploits/42283/
http://rhn.redhat.com/errata/RHSA-2016-2036.html
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
Related Vulnerabilities
CVE-2021-41561 Vulnerability in maven package org.apache.parquet:parquet
CVE-2007-6433 Vulnerability in maven package org.jboss.seam:jboss-seam
CVE-2016-1000232 Vulnerability in maven package org.webjars.npm:tough-cookie
CVE-2014-0114 Vulnerability in maven package struts:struts
CVE-2012-2733 Vulnerability in maven package org.apache.tomcat:coyote