[AMQ-2700] Apache ActiveMQ is prone to source code disclosure vulnerability. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.3.1
Fix Version/s: 5.3.2, 5.4.0
Component/s: None
Labels:
None
Environment:

Linux/Windows environment

Description

An input validation error is present in Apache ActiveMQ. Adding '//' after the
port in an URL causes it to disclose the JSP page source.

This has been tested on various admin pages,
admin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.

NOTE : Refer attached file for complete information/advisory.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SECPOD_ActiveMQ.txt
20/Apr/10 11:28
2 kB
Veerendra G.G

Activity

People

Assignee:: Dejan Bosanac

Reporter:: Veerendra G.G

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Apr/10 11:25

Updated:: 22/Jun/10 08:06

Resolved:: 21/Apr/10 10:19