CVE-2016-3088
critical-risk
Published 2016-06-01
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Do I need to act?
!
94.3% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
+
Fix available
Upgrade to: 71cbc652835e8b6b9d17b7a28fc998fce4840a9b
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (19)
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2036.html
Broken Link
http://www.securitytracker.com/id/1035951
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-356
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-357
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2036.html
Broken Link
http://www.securitytracker.com/id/1035951
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-356
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-357
71
/ 100
critical-risk
Severity
32/34 · Critical
Exploitability
34/34 · Critical
Exposure
5/34 · Minimal