9.8

CVE-2016-3088

Warnung
Medienbericht
Exploit
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheActivemq Version >= 5.0.0 < 5.14.0

10.02.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apache ActiveMQ Improper Input Validation Vulnerability

Schwachstelle

The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 98.52% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
21.04.2026 13:32
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
17.04.2026 11:55
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
08.04.2026 19:37
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Patch
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-2036.html
Third Party Advisory
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
Vendor Advisory
http://www.securitytracker.com/id/1035951
Third Party Advisory
Broken Link
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-356
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-357
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
Vendor Advisory
Mailing List
https://www.exploit-db.com/exploits/42283/
Third Party Advisory
Exploit
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3088
US Government Resource