9.8

CVE-2016-3088

Warnung

Medienbericht

Exploit

EPSS 94.23%
Veröffentlicht 01.06.2016 20:59:04
Zuletzt bearbeitet 21.04.2026 19:14:32
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 16

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Activemq Version >= 5.0.0 < 5.14.0

10.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apache ActiveMQ Improper Input Validation Vulnerability

Schwachstelle

The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.23%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://www.bleepingcomputer.com/news/security/actively-exploited-apache-activemq-flaw-impacts-6-400-servers/

Media Report

https://www.bleepingcomputer.com/news/security/cisa-flags-apache-activemq-flaw-as-actively-exploited-in-attacks/

Media Report

https://www.bleepingcomputer.com/news/security/13-year-old-bug-in-activemq-lets-hackers-remotely-execute-commands/

Media Report

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Patch

Mailing List

http://rhn.redhat.com/errata/RHSA-2016-2036.html

Third Party Advisory

http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt

Vendor Advisory

http://www.securitytracker.com/id/1035951

Third Party Advisory

Broken Link

VDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-16-356

Third Party Advisory

VDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-16-357

Third Party Advisory

VDB Entry

https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E

Mailing List

Issue Tracking

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

Vendor Advisory

Mailing List

https://www.exploit-db.com/exploits/42283/

Third Party Advisory

Exploit

VDB Entry

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3088

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2016-3088

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-3088

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-3088

EUVD