admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/ActiveMQ/CVE-2016-3088
History
tardc 60bc23c76d Update CVE-2016-3088.gif
2020-04-20 09:57:40 +08:00
..
CVE-2016-3088.gif
Update CVE-2016-3088.gif
2020-04-20 09:57:40 +08:00
README.md
Update README.md
2020-04-17 18:03:41 +08:00

README.md

CVE-2016-3088 ActiveMQ Arbitrary File Write Vulnerability

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. Therefore, we can write a file and then move it to any directory, thereby causing arbitrary file writing vulnerability.

Affected version: Apache ActiveMQ 5.x - 5.13.x

FOFA query rule: app="Apache-ActiveMQ"

Demo