CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-3088

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score50.9040%
EPSS Percentile98.94th
Published2016年6月1日
Last Modified2026年4月21日

Vulnerability Description

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Affected Platforms (CPE)

📦
Apache

Activemq

>= 5.0.0 and < 5.14.0

References & Advisories

🔗 http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
🔗 http://rhn.redhat.com/errata/RHSA-2016-2036.html
🔗 http://www.securitytracker.com/id/1035951
🔗 http://www.zerodayinitiative.com/advisories/ZDI-16-356
🔗 http://www.zerodayinitiative.com/advisories/ZDI-16-357
🔗 https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
🔗 https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
🔗 https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

相关漏洞威胁

CVE-2020-119989.8

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, ...

CVE-2020-139319.8

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker...

CVE-2020-119699.8

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX po...

CVE-2014-35799.8

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified imp...