CVE-2015-1830

Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:26

Type Values Removed Values Added
References () http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt - () http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt -
References () http://packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html - () http://packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html -
References () http://www.securityfocus.com/bid/76452 - () http://www.securityfocus.com/bid/76452 -
References () http://www.securitytracker.com/id/1033315 - () http://www.securitytracker.com/id/1033315 -
References () http://www.zerodayinitiative.com/advisories/ZDI-15-407 - () http://www.zerodayinitiative.com/advisories/ZDI-15-407 -
References () http://www.zerodayinitiative.com/advisories/ZDI-15-407/ - () http://www.zerodayinitiative.com/advisories/ZDI-15-407/ -
References () https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E - () https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E -

Information

Published : 2015-08-19 15:59

Updated : 2024-11-21 02:26


NVD link : CVE-2015-1830

Mitre link : CVE-2015-1830

CVE.ORG link : CVE-2015-1830


JSON object : View

Products Affected

apache

  • activemq

microsoft

  • windows
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')