Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1830 — Path Traversal in Apache ActiveMQ

CWE-22 — Path Traversal | 11 documents | 8 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 86.0% (top 0.60%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Aug 19
Latest update: May 14

Description

Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/activemq, 22 versions (+21)

🔴 Vulnerability Details (3)

GHSA: Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ (2022-05-14)
OSV: Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ (2022-05-14)
CVEList: CVE-2015-1830: Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5 (2015-08-19)

💥 Exploits & PoCs (3)

Exploit-DB: Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit) (2020-03-09)
Exploit-DB: Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution (2015-08-17)
Metasploit: Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload

📋 Vendor Advisories (1)

Debian: CVE-2015-1830: activemq - Directory traversal vulnerability in the fileserver upload/download functionalit... (2015)

💬 Community (3)

Bugzilla: CVE-2016-3088 activemq: Fileserver web application vulnerability allowing RCE (2016-05-24)
Bugzilla: CVE-2015-1830 ActiveMQ: Path traversal leading to unauthenticated RCE (2015-08-31)
Bugzilla: CVE-2015-1830 Path traversal leading to unauthenticated RCE in ActiveMQ (2015-08-31)