vulnerability

Apache ActiveMQ: CVE-2016-3088: ActiveMQ Fileserver web application vulnerabilities

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jun 1, 2016

Added

Jan 9, 2024

Modified

Oct 22, 2025

Description

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

Solution

apache-activemq-upgrade-latest

References

CWE-434

CVE-2016-3088

https://attackerkb.com/topics/CVE-2016-3088

URL-http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt

URL-http://rhn.redhat.com/errata/RHSA-2016-2036.html

URL-http://www.securitytracker.com/id/1035951

URL-http://www.zerodayinitiative.com/advisories/ZDI-16-356

URL-http://www.zerodayinitiative.com/advisories/ZDI-16-357

URL-https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

URL-https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E

URL-https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

URL-https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3088

URL-https://www.exploit-db.com/exploits/42283/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today