CVE-2016-3088

🗓️ 01 Jun 2016 20:00:00Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 1151 Views🌐 WEB

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. NV

Reporter	Title	Published	Views	Family All 64
0day.today	Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution Vulnerabilities	3 Dec 201600:00	–	zdt
0day.today	Apache ActiveMQ < 5.14.0 - Web Shell Upload Exploit	30 Jun 201700:00	–	zdt
IBM Security Bulletins	Security Bulletin: IBM Jazz for Service Management is vulnerable due to Log4j 1.2 SocketServer Remote Code Execution and Deserialization of Untrusted Data	24 Jun 202511:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management	2 May 202412:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities	22 Jun 202316:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities	18 Feb 201914:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Directory Suite is vulnerable to multiple issues	26 Mar 202503:44	–	ibm
Gitee	Exploit for Improper Input Validation in Apple Mac_Os_X	18 Nov 201916:59	–	gitee
Gitee	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq	19 Sep 201915:47	–	gitee
Gitee	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq	14 Sep 202517:06	–	gitee

NVD

Node

apache activemqRange5.0.0–5.14.0

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-16-356
securitytracker	www.securitytracker.com/id/1035951
exploit-db	www.exploit-db.com/exploits/42283/
lists	www.lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
activemq	www.activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
lists	www.lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-16-357
rhn	www.rhn.redhat.com/errata/RHSA-2016-2036.html
lists	www.lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
<filename>	request body	fileserver/<filename>	HTTP PUT uploads a file to the fileserver directory, enabling subsequent MOVE to an admin directory for execution	CWE-434

17 Jun 2026 00:44Current

9.7High risk

Vulners AI Score9.7

CVSS 27.5

CVSS 3.19.8

EPSS0.98518

SSVC