GHSA-v2c9-9m8v-8jjm

Source

https://github.com/advisories/GHSA-v2c9-9m8v-8jjm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v2c9-9m8v-8jjm/GHSA-v2c9-9m8v-8jjm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v2c9-9m8v-8jjm

Aliases

CVE-2010-1587

Published

2022-05-14T02:45:01Z

Modified

2024-12-04T05:39:15.259456Z

Summary

Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler

Details

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20"
    ],
    "nvd_published_at": "2010-04-28T22:30:00Z",
    "github_reviewed_at": "2024-02-07T23:08:47Z"
}

References

Affected packages

Maven / org.apache.activemq:activemq-web-console

Package

Name: org.apache.activemq:activemq-web-console; View open source insights on deps.dev
Purl: pkg:maven/org.apache.activemq/activemq-web-console

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0

Fixed

5.3.2

Affected versions

5.*

5.0.0

5.1.0

5.2.0

5.3.0

5.3.1