Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1587: Improper Input Validation in Apache ActiveMQ

Severity: 5.0 MEDIUM (NVD)
EPSS: 77.9% (top 0.99%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Apr 28
Latest update: May 14

Description

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N

Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/activemq, 6 versions (+5)

🔴 Vulnerability Details (3)

GHSA: Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler (2022-05-14)
OSV: Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler (2022-05-14)
CVEList: CVE-2010-1587: The Jetty ResourceHandler in Apache ActiveMQ 5 (2010-04-28)

💥 Exploits & PoCs (1)

Exploit-DB: Apache ActiveMQ 5.2/5.3 - Source Code Information Disclosure (2010-04-22)

📋 Vendor Advisories (1)

Red Hat: ActiveMQ JSP source disclosure (2010-04-20)

💬 Community (1)

Bugzilla: CVE-2010-1587 ActiveMQ JSP source disclosure (2010-04-29)