CVE-2016-3088
published 2016-06-01CVE-2016-3088: The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-08-10
Exploited in the wild
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | activemq | >= 0 < 5.14.0+dfsg-1 | 5.14.0+dfsg-1 |
| apache | activemq | >= 0 < 5.14.0+dfsg-1 | 5.14.0+dfsg-1 |
| apache | activemq | >= 0 < 5.14.0+dfsg-1 | 5.14.0+dfsg-1 |
| apache | activemq | >= 5.0.0 < 5.14.0 | 5.14.0 |
| debian | activemq | < activemq 5.14.0+dfsg-1 (bookworm) | activemq 5.14.0+dfsg-1 (bookworm) |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
vulncheck9.8CRITICAL
cisa9.8CRITICAL