##############################################################################
Apache ActiveMQ Source Code Disclosure Vulnerability
SecPod Technologies (www.secpod.com)
Author Veerendra G.G
###############################################################################
SecPod ID: 1002 04/18/2010 Issue Discovered
04/20/2010 Vendor Notified
04/21/2010 Fix Available
Class: Source code disclosure Severity: Medium
Apache ActiveMQ is prone to source code disclosure vulnerability.
An input validation error is present in Apache ActiveMQ. Adding '//' after the
port in an URL causes it to disclose the JSP page source.
This has been tested on various admin pages,
admin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.
Successful exploitation allows an attacker to view the source code of a visited
page which can be used for further attacks.
ActiveMQ 5.4 and prior
ActiveMQ 5.3.1 and prior
Tested on,
Use Browser to visit the link by replacing localhost with IP.
1) http://localhost:8161//admin/index.jsp
2) http://localhost:8161//admin/queues.jsp
3) http://localhost:8161//admin/topics.jsp
Work around is available at, https://issues.apache.org/activemq/browse/AMQ-2700
Fixed in 5.4-snapshot
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = LOW
AUTHENTICATION = NOT_REQUIRED
CONFIDENTIALITY_IMPACT = PARTIAL
INTEGRITY_IMPACT = NONE
AVAILABILITY_IMPACT = NONE
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = WORKAROUND
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
Veerendra G.G of SecPod Technologies has been credited with the discovery of
this vulnerability.