Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-1830

Good to know:

icon
icon

Date: August 19, 2015

Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.

Language: Java

Severity Score

Related Resources (14)

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
http://www.zerodayinitiative.com/advisories/ZDI-15-407/
https://issues.apache.org/jira/browse/AMQ-5754
https://nvd.nist.gov/vuln/detail/CVE-2015-1830
https://github.com/apache/activemq
http://www.securitytracker.com/id/1033315
http://www.zerodayinitiative.com/advisories/ZDI-15-407
https://github.com/apache/activemq/commit/9fd5cb7dfe0fcc431f99d5e14206e0090e72f36b
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt
http://www.securityfocus.com/bid/76452
http://packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html
https://github.com/apache/activemq/commit/729c4731574ffffaf58ebefdbaeb3bd19ed1c7b7
https://www.mend.io/vulnerability-database/CVE-2015-1830

Severity Score

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.activemq:activemq-fileserver:5.11.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us