CVE-2015-1830: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
(updated )
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
References
- activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt
- packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html
- www.zerodayinitiative.com/advisories/ZDI-15-407
- www.zerodayinitiative.com/advisories/ZDI-15-407/
- github.com/advisories/GHSA-3v63-f83x-37x4
- lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
- nvd.nist.gov/vuln/detail/CVE-2015-1830
Detect and mitigate CVE-2015-1830 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →