What is CVE-2016-3088?

CVE-2016-3088 is a vulnerability in Apache ActiveMQ that allows a remote attacker to execute arbitrary code on the system.

What is the severity of CVE-2016-3088?

CVE-2016-3088 has a severity rating of 9.8 out of 10, which is considered critical.

What software is affected by CVE-2016-3088?

Apache ActiveMQ versions up to and including 5.13.3 are affected by CVE-2016-3088. IBM Security Directory Suite VA versions up to and including 8.0.1.19 are also affected.

How can CVE-2016-3088 be mitigated?

To mitigate CVE-2016-3088, users should upgrade to a fixed version of Apache ActiveMQ or IBM Security Directory Suite VA.

Vulnerability/
CVE-2016-3088

Exploited

critical

9.8

CWE

20 434

1/6/2016

14/5/2022

21/11/2024

CVE-2016-3088: Apache ActiveMQ Improper Input Validation Vulnerability

Q: How does CVE-2016-3088 work?

CVE-2016-3088 is caused by an error in the Fileserver web application of Apache ActiveMQ. By sending a specially crafted HTTP PUT request and an HTTP MOVE request, an attacker can exploit this vulnerability to create an arbitrary file and execute arbitrary code.

First published: Wed Jun 01 2016(Updated: )

Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Fileserver web application. By sending a specially crafted HTTP PUT request and an HTTP MOVE request, an attacker could exploit this vulnerability to create an arbitrary file and execute arbitrary code on the system.

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Apache ActiveMQ	<=5.13.3
Apache ActiveMQ	>=5.0.0<5.14.0
maven/org.apache.activemq:activemq-client	>=5.0.0<5.14.0	5.14.0
IBM Security Directory Suite VA	<=8.0.1-8.0.1.19

Remedy

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7001693

Frequently Asked Questions

What is CVE-2016-3088?
CVE-2016-3088 is a vulnerability in Apache ActiveMQ that allows a remote attacker to execute arbitrary code on the system.
How does CVE-2016-3088 work?
CVE-2016-3088 is caused by an error in the Fileserver web application of Apache ActiveMQ. By sending a specially crafted HTTP PUT request and an HTTP MOVE request, an attacker can exploit this vulnerability to create an arbitrary file and execute arbitrary code.
What is the severity of CVE-2016-3088?
CVE-2016-3088 has a severity rating of 9.8 out of 10, which is considered critical.
What software is affected by CVE-2016-3088?
Apache ActiveMQ versions up to and including 5.13.3 are affected by CVE-2016-3088. IBM Security Directory Suite VA versions up to and including 8.0.1.19 are also affected.
How can CVE-2016-3088 be mitigated?
To mitigate CVE-2016-3088, users should upgrade to a fixed version of Apache ActiveMQ or IBM Security Directory Suite VA.

collector/nvd-index
agent/type
agent/title
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/weakness
agent/author
agent/remedy
agent/severity
collector/github-advisory-latest
source/GitHub
alias/GHSA-rxqh-fc23-gxp2
alias/CVE-2016-3088
agent/references
collector/ibm-support
source/IBM
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/tags
exploited/true
collector/cisa-known-exploited
source/CISA
agent/softwarecombine
agent/event
collector/nvd-cve
agent/last-modified-date
agent/trending
vendor/apache
canonical/apache activemq
version/apache activemq/5.13.3
version/apache activemq/5.0.0
package-manager/maven
vendor/ibm
canonical/ibm security directory suite va
version/ibm security directory suite va/8.0.1-8.0.1.19