activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gary Tully (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AMQ-2700) Apache ActiveMQ is prone to source code disclosure vulnerability.
Date Fri, 28 May 2010 12:15:53 GMT

    [ https://issues.apache.org/activemq/browse/AMQ-2700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=59591#action_59591
] 

Gary Tully commented on AMQ-2700:
---------------------------------

does this resolve the following, looks like it does to me, same sort of issue about restricting
access to the resource loader:

iDefense VCP Submission V-ay6t2oua0k
05/05/2010
Apache ActiveMQ Directory Traversal Vulnerability

Description: 
Remote exploitation of a directory traversal vulnerability in Apache Software Foundation's
Apache ActiveMQ could allow an attacker to download files from a restricted directory, which
can result in information disclosure.

Apache ActiveMQ is a messaging and enterprise integration patterns provider. The platform
provides a Message Broker which handles communication between several different applications.
Apache ActiveMQ supports many popular development languages including C/C++, Python, Java,
and .NET. Apache ActiveMQ runs on a variety of platforms, including Windows, Linux and Solaris

For more information, see the vendor's site at the following link: http://activemq.apache.org

The vulnerability is due to a failure by the Message Broker to restrict directory traversals.
As a result, sensitive locations outside the configured Message Broker restricted directory
can be accessed by an attacker. No authentication is required to access the ActiveMQ Message
Broker service. 

Analysis: 
Exploitation of this vulnerability could allow an attacker to gain control over the affected
machine.

By specifying a URL location with multiple directory traversal sequences such as "/\../\../\",
it is possible for an attacker to access sensitive files hosted on the Message Broker Server
using the privileges associated with the Message Broker process. An attacker may be able to
read important system files, which will result in information disclosure, and can potentially
lead to full host compromise.

iDefense considers this vulnerability to be of MEDIUM severity because the vulnerability leads
to information disclosure. 

Credit: 
AbdulAziz Hariri




> Apache ActiveMQ is prone to source code disclosure vulnerability.
> -----------------------------------------------------------------
>
>                 Key: AMQ-2700
>                 URL: https://issues.apache.org/activemq/browse/AMQ-2700
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.3.1
>         Environment: Linux/Windows environment
>            Reporter: Veerendra G.G
>            Assignee: Dejan Bosanac
>            Priority: Critical
>             Fix For: 5.3.2, 5.4.0
>
>         Attachments: SECPOD_ActiveMQ.txt
>
>
> An input validation error is present in Apache ActiveMQ. Adding '//' after the
> port in an URL causes it to disclose the JSP page source.
> This has been tested on various admin pages,
> admin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.
> NOTE : Refer attached file for complete information/advisory.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message