GHSA-v2c9-9m8v-8jjm

Suggest an improvement
Source
https://github.com/advisories/GHSA-v2c9-9m8v-8jjm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v2c9-9m8v-8jjm/GHSA-v2c9-9m8v-8jjm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v2c9-9m8v-8jjm
Aliases
  • CVE-2010-1587
Published
2022-05-14T02:45:01Z
Modified
2024-03-15T15:51:02.488401Z
Summary
Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
Details

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.

References

Affected packages

Maven / org.apache.activemq:activemq-web-console

Package

Name
org.apache.activemq:activemq-web-console
View open source insights on deps.dev
Purl
pkg:maven/org.apache.activemq/activemq-web-console

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.3.2

Affected versions

5.*

5.0.0
5.1.0
5.2.0
5.3.0
5.3.1