Search...

Apache ActiveMQ is prone to source code disclosure vulnerability.

2010-04-26T00:00:00

ID SECURITYVULNS:DOC:23700
Type securityvulns
Reporter Securityvulns
Modified 2010-04-26T00:00:00

Description

Apache ActiveMQ Source Code Disclosure Vulnerability

SecPod Technologies (www.secpod.com) Author Veerendra G.G

SecPod ID: 1002 04/18/2010 Issue Discovered 04/20/2010 Vendor Notified 04/21/2010 Fix Available

Class: Source code disclosure Severity: Medium

Overview:

Apache ActiveMQ is prone to source code disclosure vulnerability.

Technical Description:

An input validation error is present in Apache ActiveMQ. Adding '//' after the port in an URL causes it to disclose the JSP page source.

This has been tested on various admin pages, admin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.

Impact:

Successful exploitation allows an attacker to view the source code of a visited page which can be used for further attacks.

Affected Software:

ActiveMQ 5.4 and prior ActiveMQ 5.3.1 and prior

Tested on, - ActiveMQ 5.4 SNAPSHOT on Fedora 10 - ActiveMQ 5.3.1 on Fedora 10 - ActiveMQ 5.2.0 on Fedora 10 - ActiveMQ 5.4 SNAPSHOT on Windows XP SP2 - ActiveMQ 5.3.1 on Windows XP SP2 - ActiveMQ 5.2.0 on Windows XP SP2

Reference:

http://activemq.apache.org/

Proof of Concept:

Use Browser to visit the link by replacing localhost with IP.

1) http://localhost:8161//admin/index.jsp 2) http://localhost:8161//admin/queues.jsp 3) http://localhost:8161//admin/topics.jsp

Work Around:

Work around is available at, https://issues.apache.org/activemq/browse/AMQ-2700

Solution:

Fixed in 5.4-snapshot

Risk Factor:

CVSS Score Report: 
    ACCESS_VECTOR          = NETWORK 
    ACCESS_COMPLEXITY      = LOW 
    AUTHENTICATION         = NOT_REQUIRED 
    CONFIDENTIALITY_IMPACT = PARTIAL 
    INTEGRITY_IMPACT       = NONE 
    AVAILABILITY_IMPACT    = NONE 
    EXPLOITABILITY         = PROOF_OF_CONCEPT 
    REMEDIATION_LEVEL      = WORKAROUND
    REPORT_CONFIDENCE      = CONFIRMED 
    CVSS Base Score        = 5.0 &#40;AV:N/AC:L/Au:NR/C:P/I:N/A:N&#41;

Credits:

Veerendra G.G of SecPod Technologies has been credited with the discovery of this vulnerability.

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:23700", "bulletinFamily": "software", "title": "Apache ActiveMQ is prone to source code disclosure vulnerability.", "description": "##############################################################################\r\nApache ActiveMQ Source Code Disclosure Vulnerability\r\n\r\nSecPod Technologies (www.secpod.com)\r\nAuthor Veerendra G.G\r\n###############################################################################\r\n\r\nSecPod ID: 1002 04/18/2010 Issue Discovered\r\n 04/20/2010 Vendor Notified\r\n 04/21/2010 Fix Available\r\n\r\nClass: Source code disclosure Severity: Medium\r\n\r\n\r\nOverview:\r\n---------\r\nApache ActiveMQ is prone to source code disclosure vulnerability.\r\n\r\nTechnical Description:\r\n----------------------\r\nAn input validation error is present in Apache ActiveMQ. Adding '//' after the\r\nport in an URL causes it to disclose the JSP page source.\r\n\r\nThis has been tested on various admin pages,\r\nadmin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.\r\n\r\nImpact:\r\n--------\r\nSuccessful exploitation allows an attacker to view the source code of a visited\r\npage which can be used for further attacks.\r\n\r\nAffected Software:\r\n------------------\r\nActiveMQ 5.4 and prior\r\nActiveMQ 5.3.1 and prior\r\n\r\nTested on,\r\n- ActiveMQ 5.4 SNAPSHOT on Fedora 10\r\n- ActiveMQ 5.3.1 on Fedora 10\r\n- ActiveMQ 5.2.0 on Fedora 10\r\n- ActiveMQ 5.4 SNAPSHOT on Windows XP SP2\r\n- ActiveMQ 5.3.1 on Windows XP SP2\r\n- ActiveMQ 5.2.0 on Windows XP SP2\r\n\r\nReference:\r\n---------\r\nhttp://activemq.apache.org/\r\n\r\nProof of Concept:\r\n-----------------\r\nUse Browser to visit the link by replacing localhost with IP. \r\n\r\n1) http://localhost:8161//admin/index.jsp\r\n2) http://localhost:8161//admin/queues.jsp\r\n3) http://localhost:8161//admin/topics.jsp\r\n\r\nWork Around:\r\n------------\r\nWork around is available at, https://issues.apache.org/activemq/browse/AMQ-2700\r\n\r\nSolution:\r\n----------\r\nFixed in 5.4-snapshot\r\n\r\nRisk Factor:\r\n-------------\r\n CVSS Score Report: \r\n ACCESS_VECTOR = NETWORK \r\n ACCESS_COMPLEXITY = LOW \r\n AUTHENTICATION = NOT_REQUIRED \r\n CONFIDENTIALITY_IMPACT = PARTIAL \r\n INTEGRITY_IMPACT = NONE \r\n AVAILABILITY_IMPACT = NONE \r\n EXPLOITABILITY = PROOF_OF_CONCEPT \r\n REMEDIATION_LEVEL = WORKAROUND\r\n REPORT_CONFIDENCE = CONFIRMED \r\n CVSS Base Score = 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)\r\n\r\nCredits:\r\n--------\r\nVeerendra G.G of SecPod Technologies has been credited with the discovery of\r\nthis vulnerability.", "published": "2010-04-26T00:00:00", "modified": "2010-04-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23700", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:34", "edition": 1, "viewCount": 24, "enchantments": {"score": {"value": 1.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10788"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10788"]}]}, "exploitation": null, "vulnersScore": 1.2}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645418645}}