Description
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Remediation
References
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
http://rhn.redhat.com/errata/RHSA-2016-2036.html
http://www.securitytracker.com/id/1035951
http://www.zerodayinitiative.com/advisories/ZDI-16-356
http://www.zerodayinitiative.com/advisories/ZDI-16-357
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
https://www.exploit-db.com/exploits/42283/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3088
Related Vulnerabilities
CVE-2021-29479 Vulnerability in maven package io.ratpack:ratpack-core
CVE-2020-2189 Vulnerability in maven package org.jenkins-ci.plugins:scm-filter-jervis
CVE-2020-6449 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-30523 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2019-8331 Vulnerability in maven package org.webjars.bower:bootstrap