[prev in list] [next in list] [prev in thread] [next in thread] 

List:       activemq-dev
Subject:    [jira] Commented: (AMQ-2700) Apache ActiveMQ is prone to source
From:       "Gary Tully (JIRA)" <jira () apache ! org>
Date:       2010-05-28 12:15:53
Message-ID: 5861172.5481275048953277.JavaMail.jira () thor
[Download RAW message or body]


    [ https://issues.apache.org/activemq/browse/AMQ-2700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=59591#action_59591 \
] 

Gary Tully commented on AMQ-2700:
---------------------------------

does this resolve the following, looks like it does to me, same sort of issue about \
restricting access to the resource loader:

iDefense VCP Submission V-ay6t2oua0k
05/05/2010
Apache ActiveMQ Directory Traversal Vulnerability

Description: 
Remote exploitation of a directory traversal vulnerability in Apache Software \
Foundation's Apache ActiveMQ could allow an attacker to download files from a \
restricted directory, which can result in information disclosure.

Apache ActiveMQ is a messaging and enterprise integration patterns provider. The \
platform provides a Message Broker which handles communication between several \
different applications. Apache ActiveMQ supports many popular development languages \
including C/C++, Python, Java, and .NET. Apache ActiveMQ runs on a variety of \
platforms, including Windows, Linux and Solaris

For more information, see the vendor's site at the following link: \
http://activemq.apache.org

The vulnerability is due to a failure by the Message Broker to restrict directory \
traversals. As a result, sensitive locations outside the configured Message Broker \
restricted directory can be accessed by an attacker. No authentication is required to \
access the ActiveMQ Message Broker service. 

Analysis: 
Exploitation of this vulnerability could allow an attacker to gain control over the \
affected machine.

By specifying a URL location with multiple directory traversal sequences such as \
"/\../\../\", it is possible for an attacker to access sensitive files hosted on the \
Message Broker Server using the privileges associated with the Message Broker \
process. An attacker may be able to read important system files, which will result in \
information disclosure, and can potentially lead to full host compromise.

iDefense considers this vulnerability to be of MEDIUM severity because the \
vulnerability leads to information disclosure. 

Credit: 
AbdulAziz Hariri




> Apache ActiveMQ is prone to source code disclosure vulnerability.
> -----------------------------------------------------------------
> 
> Key: AMQ-2700
> URL: https://issues.apache.org/activemq/browse/AMQ-2700
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.3.1
> Environment: Linux/Windows environment
> Reporter: Veerendra G.G
> Assignee: Dejan Bosanac
> Priority: Critical
> Fix For: 5.3.2, 5.4.0
> 
> Attachments: SECPOD_ActiveMQ.txt
> 
> 
> An input validation error is present in Apache ActiveMQ. Adding '//' after the
> port in an URL causes it to disclose the JSP page source.
> This has been tested on various admin pages,
> admin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.
> NOTE : Refer attached file for complete information/advisory.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[prev in list] [next in list] [prev in thread] [next in thread]