Uploaded image for project: 'ActiveMQ Classic'
  1. ActiveMQ Classic
  2. AMQ-2700

Apache ActiveMQ is prone to source code disclosure vulnerability.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 5.3.1
    • 5.3.2, 5.4.0
    • None
    • None
    • Linux/Windows environment

    Description

      An input validation error is present in Apache ActiveMQ. Adding '//' after the
      port in an URL causes it to disclose the JSP page source.

      This has been tested on various admin pages,
      admin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.

      NOTE : Refer attached file for complete information/advisory.

      Attachments

        1. SECPOD_ActiveMQ.txt
          2 kB
          Veerendra G.G

        Activity

          People

            dejanb Dejan Bosanac
            veerendragg Veerendra G.G
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: