activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "veerendra (JIRA)" <j...@apache.org>
Subject [jira] Created: (AMQ-2700) Apache ActiveMQ is prone to source code disclosure vulnerability.
Date Tue, 20 Apr 2010 11:26:14 GMT
Apache ActiveMQ is prone to source code disclosure vulnerability.
-----------------------------------------------------------------

                 Key: AMQ-2700
                 URL: https://issues.apache.org/activemq/browse/AMQ-2700
             Project: ActiveMQ
          Issue Type: Bug
    Affects Versions: 5.3.1
         Environment: Linux/Windows environment
            Reporter: veerendra


An input validation error is present in Apache ActiveMQ. Adding '//' after the
port in an URL causes it to disclose the JSP page source.

This has been tested on various admin pages,
admin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.

NOTE : Refer attached file for complete information/advisory.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message