[prev in list] [next in list] [prev in thread] [next in thread]
List: activemq-dev
Subject: [jira] Commented: (AMQ-2700) Apache ActiveMQ is prone to source
From: "Gary Tully (JIRA)" <jira () apache ! org>
Date: 2010-05-28 12:15:53
Message-ID: 5861172.5481275048953277.JavaMail.jira () thor
[Download RAW message or body]
[ https://issues.apache.org/activemq/browse/AMQ-2700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=59591#action_59591 \
]
Gary Tully commented on AMQ-2700:
---------------------------------
does this resolve the following, looks like it does to me, same sort of issue about \
restricting access to the resource loader:
iDefense VCP Submission V-ay6t2oua0k
05/05/2010
Apache ActiveMQ Directory Traversal Vulnerability
Description:
Remote exploitation of a directory traversal vulnerability in Apache Software \
Foundation's Apache ActiveMQ could allow an attacker to download files from a \
restricted directory, which can result in information disclosure.
Apache ActiveMQ is a messaging and enterprise integration patterns provider. The \
platform provides a Message Broker which handles communication between several \
different applications. Apache ActiveMQ supports many popular development languages \
including C/C++, Python, Java, and .NET. Apache ActiveMQ runs on a variety of \
platforms, including Windows, Linux and Solaris
For more information, see the vendor's site at the following link: \
http://activemq.apache.org
The vulnerability is due to a failure by the Message Broker to restrict directory \
traversals. As a result, sensitive locations outside the configured Message Broker \
restricted directory can be accessed by an attacker. No authentication is required to \
access the ActiveMQ Message Broker service.
Analysis:
Exploitation of this vulnerability could allow an attacker to gain control over the \
affected machine.
By specifying a URL location with multiple directory traversal sequences such as \
"/\../\../\", it is possible for an attacker to access sensitive files hosted on the \
Message Broker Server using the privileges associated with the Message Broker \
process. An attacker may be able to read important system files, which will result in \
information disclosure, and can potentially lead to full host compromise.
iDefense considers this vulnerability to be of MEDIUM severity because the \
vulnerability leads to information disclosure.
Credit:
AbdulAziz Hariri
> Apache ActiveMQ is prone to source code disclosure vulnerability.
> -----------------------------------------------------------------
>
> Key: AMQ-2700
> URL: https://issues.apache.org/activemq/browse/AMQ-2700
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.1
> Environment: Linux/Windows environment
> Reporter: Veerendra G.G
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.3.2, 5.4.0
>
> Attachments: SECPOD_ActiveMQ.txt
>
>
> An input validation error is present in Apache ActiveMQ. Adding '//' after the
> port in an URL causes it to disclose the JSP page source.
> This has been tested on various admin pages,
> admin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.
> NOTE : Refer attached file for complete information/advisory.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic