Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23700
HistoryApr 26, 2010 - 12:00 a.m.

Apache ActiveMQ is prone to source code disclosure vulnerability.

2010-04-2600:00:00
vulners.com
63
JSON

##############################################################################
Apache ActiveMQ Source Code Disclosure Vulnerability

SecPod Technologies (www.secpod.com)
Author Veerendra G.G
###############################################################################

SecPod ID: 1002 04/18/2010 Issue Discovered
04/20/2010 Vendor Notified
04/21/2010 Fix Available

Class: Source code disclosure Severity: Medium

Overview:

Apache ActiveMQ is prone to source code disclosure vulnerability.

Technical Description:

An input validation error is present in Apache ActiveMQ. Adding '//' after the
port in an URL causes it to disclose the JSP page source.

This has been tested on various admin pages,
admin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.

Impact:

Successful exploitation allows an attacker to view the source code of a visited
page which can be used for further attacks.

Affected Software:

ActiveMQ 5.4 and prior
ActiveMQ 5.3.1 and prior

Tested on,

  • ActiveMQ 5.4 SNAPSHOT on Fedora 10
  • ActiveMQ 5.3.1 on Fedora 10
  • ActiveMQ 5.2.0 on Fedora 10
  • ActiveMQ 5.4 SNAPSHOT on Windows XP SP2
  • ActiveMQ 5.3.1 on Windows XP SP2
  • ActiveMQ 5.2.0 on Windows XP SP2

Reference:

http://activemq.apache.org/

Proof of Concept:

Use Browser to visit the link by replacing localhost with IP.

1) http://localhost:8161//admin/index.jsp
2) http://localhost:8161//admin/queues.jsp
3) http://localhost:8161//admin/topics.jsp

Work Around:

Work around is available at, https://issues.apache.org/activemq/browse/AMQ-2700

Solution:

Fixed in 5.4-snapshot

Risk Factor:

CVSS Score Report: 
    ACCESS_VECTOR          = NETWORK 
    ACCESS_COMPLEXITY      = LOW 
    AUTHENTICATION         = NOT_REQUIRED 
    CONFIDENTIALITY_IMPACT = PARTIAL 
    INTEGRITY_IMPACT       = NONE 
    AVAILABILITY_IMPACT    = NONE 
    EXPLOITABILITY         = PROOF_OF_CONCEPT 
    REMEDIATION_LEVEL      = WORKAROUND
    REPORT_CONFIDENCE      = CONFIRMED 
    CVSS Base Score        = 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)

Credits:

Veerendra G.G of SecPod Technologies has been credited with the discovery of
this vulnerability.

JSON