CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2016-3088

CVSS 9.8v3.1pub. 2016-06-01upd. 2026-04-21

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Activemq

    APP
    Apache
    5.0.0 – 5.14.0 (bez)

CISA KEV — detailsi

Vendori
Apache
Producti
ActiveMQ
Added to KEVi
February 10, 2022
Remediation deadline (US Federal)i
August 10, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 10 sierpnia 2022
CWE
References

Related vulnerabilities

CVE-2023-46604CRITICAL10.0⚠ KEVten sam produkt

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a ...

CVE-2020-11998CRITICAL9.8ten sam produkt

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to ...

CVE-2013-7285CRITICAL9.8ten sam produkt

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may a...

CVE-2014-3600CRITICAL9.8ten sam produkt

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have u...

CVE-2015-5254CRITICAL9.8ten sam produkt

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which al...