
CVE-2016-3088 – Apache ActiveMQ Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2016-3088
24 May 2016 — The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache ActiveMQ. Auth... • https://packetstorm.news/files/id/143191 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2016-0782 – activemq: Cross-site scripting vulnerabilities in web console
https://notcve.org/view.php?id=CVE-2016-0782
13 Mar 2016 — The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. • http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')