TUCoPS :: Web :: Apache :: bt-30025.htm

Apache ActiveMQ is prone to source code disclosure vulnerability.
Apache ActiveMQ is prone to source code disclosure vulnerability.
Apache ActiveMQ is prone to source code disclosure vulnerability.



------=_20100422201310_16572
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


------=_20100422201310_16572
Content-Type: text/plain; name="SECPOD_ActiveMQ.txt"
Content-Disposition: attachment; filename="SECPOD_ActiveMQ.txt"
Content-Transfer-Encoding: quoted-printable

##############################################################################
Apache ActiveMQ Source Code Disclosure Vulnerability

SecPod Technologies (www.secpod.com) 
Author Veerendra G.G
###############################################################################

SecPod ID:	1002			04/18/2010 Issue Discovered
					04/20/2010 Vendor Notified
					04/21/2010 Fix Available

Class: Source code disclosure 		Severity: Medium


Overview:
---------
Apache ActiveMQ is prone to source code disclosure vulnerability.

Technical Description:
----------------------
An input validation error is present in Apache ActiveMQ. Adding '//' after the
port in an URL causes it to disclose the JSP page source.

This has been tested on various admin pages,
admin/index.jsp, admin/queues.jsp, admin/topics.jsp etc.

Impact:
--------
Successful exploitation allows an attacker to view the source code of a visited
page which can be used for further attacks.

Affected Software:
------------------
ActiveMQ 5.4 and prior
ActiveMQ 5.3.1 and prior

Tested on,
- ActiveMQ 5.4 SNAPSHOT on Fedora 10
- ActiveMQ 5.3.1 on Fedora 10
- ActiveMQ 5.2.0 on Fedora 10
- ActiveMQ 5.4 SNAPSHOT on Windows XP SP2
- ActiveMQ 5.3.1 on Windows XP SP2
- ActiveMQ 5.2.0 on Windows XP SP2

Reference:
---------
http://activemq.apache.org/ 

Proof of Concept:
-----------------
Use Browser to visit the link by replacing localhost with IP. 

1) http://localhost:8161//admin/index.jsp 
2) http://localhost:8161//admin/queues.jsp 
3) http://localhost:8161//admin/topics.jsp 

Work Around:
------------
Work around is available at, https://issues.apache.org/activemq/browse/AMQ-2700

Solution:
----------
Fixed in 5.4-snapshot

Risk Factor:
-------------
    CVSS Score Report: 
        ACCESS_VECTOR          = NETWORK 
        ACCESS_COMPLEXITY      = LOW 
        AUTHENTICATION         = NOT_REQUIRED 
        CONFIDENTIALITY_IMPACT = PARTIAL 
        INTEGRITY_IMPACT       = NONE 
        AVAILABILITY_IMPACT    = NONE 
        EXPLOITABILITY         = PROOF_OF_CONCEPT 
        REMEDIATION_LEVEL      = WORKAROUND
        REPORT_CONFIDENCE      = CONFIRMED 
        CVSS Base Score        = 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)

Credits:
--------
Veerendra G.G of SecPod Technologies has been credited with the discovery of
this vulnerability.
------=_20100422201310_16572--



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH