| CVE ID | CVE-2016-3088 |
| CVSS SCORE | 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P |
| AFFECTED VENDORS |
Apache |
| AFFECTED PRODUCTS |
ActiveMQ |
| VULNERABILITY DETAILS |
The specific flaw exists within the "fileserver" web application. By sending a specially crafted request to the server, an attacker can upload arbitrary code that will be executed the next time the service restarts. An attacker can leverage this vulnerability to execute arbitrary code in the context of the ActiveMQ service. |
| ADDITIONAL DETAILS |
Apache has issued an update to correct this vulnerability. More details can be found at:
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt |
| DISCLOSURE TIMELINE |
|
| CREDIT | Simon Zuckerbraun - Trend Micro Zero Day Initiative |
