.. / CVE-2016-3088

Exploit for Apache ActiveMQ Fileserver - Arbitrary File Write (CVE-2016-3088)

Description:

Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application.

Nuclei Template

View the template here CVE-2016-3088.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-3088.yaml

References:

https://medium.com/@knownsec404team/analysis-of-apache-activemq-remote-code-execution-vulnerability-cve-2016-3088-575f80924f30
http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
https://www.exploit-db.com/exploits/40857
http://rhn.redhat.com/errata/RHSA-2016-2036.html
https://nvd.nist.gov/vuln/detail/CVE-2016-3088

.. / CVE-2016-3088 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Apache ActiveMQ Fileserver - Arbitrary File Write (CVE-2016-3088)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2016-3088