|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
The specific flaw exists within the "fileserver" web application. By sending a specially crafted request to the server, an attacker can upload arbitrary code that will be executed the next time the service restarts. An attacker can leverage this vulnerability to execute arbitrary code in the context of the ActiveMQ service.
Apache has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Simon Zuckerbraun - Trend Micro Zero Day Initiative