9.8
CVE-2016-3088
- EPSS 94.29%
- Published 01.06.2016 20:59:04
- Last modified 12.04.2025 10:46:40
- Source secalert@redhat.com
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Data is provided by the National Vulnerability Database (NVD)
10.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: Apache ActiveMQ Improper Input Validation Vulnerability
- Description: The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
- Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 94.29% | 0.999 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.