CVSS: 7.5EPSS: 6%CPEs: 23EXPL: 2CVE-2015-1830 – Apache ActiveMQ RestFilter Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1830
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors. Vulnerabilidad de salto de directorio en la funcionalidad del servidor de ficheros upload/download para mensajes blob en Apache ActiveMQ 5.x en versiones anteriores a 5.11.2 para Windows, permite a atacantes remotos crear archivos JSP en directorios arbitrarios a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache ActiveMQ. Authentication is not required to exploit this vulnerability. The specific flaw exists within ActiveMQ fileserver web application. By issuing specially crafted requests, an attacker can create an arbitrary file on the server with attacker controlled data. • https://www.exploit-db.com/exploits/48181 https://www.exploit-db.com/exploits/40857 http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt http://packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html http://www.securityfocus.com/bid/76452 http://www.securitytracker.com/id/1033315 http://www.zerodayinitiative.com/advisories/ZDI-15-407 https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 51%CPEs: 6EXPL: 0CVE-2014-3576 – ActiveMQ: DoS via unauthenticated remote shutdown command
https://notcve.org/view.php?id=CVE-2014-3576
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. Vulnerabilidad en la función processControlCommand en broker/TransportConnection.java en Apache ActiveMQ en versiones anteriores a 5.11.0, permite a atacantes remotos causar una denegación de servicio (apagado) a través de un comando de apagado. It was found that the Apache ActiveMQ broker exposed a remote shutdown command without requiring any authentication to use it. A remote, unauthenticated attacker could use this flaw to shut down ActiveMQ broker's listener. • http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html http://www.debian.org/security/2015/dsa-3330 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/archive/1/536862/100/0/threaded http://www.securityfocus.com/bid/76272 http://www.securitytracker.com/id/10 • CWE-264: Permissions, Privileges, and Access Controls CWE-306: Missing Authentication for Critical Function •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 1CVE-2014-8110
https://notcve.org/view.php?id=CVE-2014-8110
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en la consola de administración basada en web en Apache ActiveMQ 5.x anterior a 5.10.1 permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • https://github.com/tafamace/CVE-2014-8110 http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt http://seclists.org/oss-sec/2015/q1/427 http://secunia.com/advisories/62649 http://www.securityfocus.com/bid/72511 https://exchange.xforce.ibmcloud.com/vulnerabilities/100724 https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2014-3600 – ActiveMQ: XXE via XPath expression evaluation
https://notcve.org/view.php?id=CVE-2014-3600
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages. Una vulnerabilidad de XML External Entity (XXE) en Apache ActiveMQ, en versiones 5.x anteriores a la 5,10,1 permite que consumidores remotos provoquen impactos no especificados mediante vectores que implican un selector basado en XPath al eliminar de la cola los mensajes XML. It was discovered that Apache ActiveMQ performed XML External Entity (XXE) expansion when evaluating XPath expressions. A remote, attacker-controlled consumer able to specify an XPath-based selector to dequeue XML messages from an Apache ActiveMQ broker could use this flaw to read files accessible to the user running the broker, and potentially perform other more advanced XXE attacks. • http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt http://seclists.org/oss-sec/2015/q1/427 http://www.securityfocus.com/bid/72510 https://exchange.xforce.ibmcloud.com/vulnerabilities/100722 https://issues.apache.org/jira/browse/AMQ-5333 https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E https://access.redhat.com/security/cve/CVE-2014-3600 https://bugzilla.redhat.com/show_bug.cgi?id=1133649 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2014-3612 – JAAS: LDAPLoginModule allows empty password authentication
https://notcve.org/view.php?id=CVE-2014-3612
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames. La implementación de LDAPLoginModule en el Java Authentication y Authorization Service (JAAS) en Apache ActiveMQ 5.x en versiones anteriores a 5.10.1 permite a atacantes remotos to eludir la autenticación iniciando sesión con una contraseña vacía y nombre de usuario válido, lo que desencadena un enlace no autenticado. NOTA: este identificador ha sido SEPARADO por ADT2 debido a diferentes tipos de vulnerabilidad. • http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt http://rhn.redhat.com/errata/RHSA-2015-0137.html http://rhn.redhat.com/errata/RHSA-2015-0138.html http://seclists.org/oss-sec/2015/q1/427 http://www.securityfocus.com/bid/72513 https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E https://access.redhat.com/security/cve/CVE-2014-3612 https://bugzilla.redhat.com/show_bug.cgi?id=1135912 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •