Improper Input Validation in Apache ActiveMQ

RSS Feed CRITICAL

GHSA-rxqh-fc23-gxp2 CVE-2016-3088

Description:

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Affected Packages

Ecosystem	Package	Vulnerable Versions	Patched Version
maven	`org.apache.activemq:activemq-client`	`>= 5.0.0, < 5.14.0`	`5.14.0`

Related Dependabot Pull Requests

All Open Closed Merged

No Related Pull Requests

No Dependabot pull requests have been found that reference this security advisory.

Actions

View on GitHub All Advisories

Advisory Details

Published:	May 14, 2022 about 4 years ago
Updated:	June 03, 2026 15 days ago
CVSS Score:	9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
EPSS:	94.28% 100th percentile
Source:	Github
Classification:	GENERAL
UUID:	`GSA_kwCzR0hTQS1yeHFoLWZjMjMtZ3hwMs4AATvG`

References

https://nvd.nist.gov/vuln/detail/CVE-2016-3088
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a@%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
http://rhn.redhat.com/errata/RHSA-2016-2036.html
http://www.securitytracker.com/id/1035951
http://www.zerodayinitiative.com/advisories/ZDI-16-356
http://www.zerodayinitiative.com/advisories/ZDI-16-357
https://github.com/apache/activemq/commit/3dd86d04e8b90ba309819317d19e7260d414d9e7
https://issues.apache.org/jira/browse/AMQ-6276
https://stackoverflow.com/questions/67140241/configuring-activemq-webconsole-to-redirect-http-to-https
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
https://www.exploit-db.com/exploits/42283
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3088
https://github.com/advisories/GHSA-rxqh-fc23-gxp2

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Dependabot