Apache ActiveMQ Source Code Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running Apache ActiveMQ and is prone to source code information disclosure vulnerability.

Impact

Successful exploitation allows an attacker to view the source code of a visited page which can be used for further attacks. Impact Level: Application

Solution

Upgrade to the latest version of ActiveMQ 5.4.0 SNAPSHOT or later, For updates refer to http://activemq.apache.org/download.html Workaround: Apply workaround as in the link, https://issues.apache.org/activemq/browse/AMQ-2700

Insight

The flaw is caused by improper validation of URL. Adding '//' after the port in an URL causes it to disclose the JSP page source.

Affected

Apache ActiveMQ 5.3.1 and prior.

References

http://www.securityfocus.com/archive/1/510896
https://issues.apache.org/activemq/browse/AMQ-2700

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1587
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Open For Business HTML injection vulnerability
@Mail WebMail Email Body HTML Injection Vulnerability
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities