CVE-2016-3088

Priority
Description
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows
remote attackers to upload and execute arbitrary files via an HTTP PUT
followed by an HTTP MOVE request.
Notes
tyhicksAffects "Apache ActiveMQ 5.0.0 - 5.13.2"
msalvatoreNo upstream patch available for 5.13. Fileserver feature has been completely
removed starting with 5.14.0
Package
Upstream:released (5.13.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus):deferred
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (5.14.0+dfsg-1)
Ubuntu 19.10 (Eoan Ermine):not-affected (5.14.0+dfsg-1)
Ubuntu 20.04 (Focal Fossa):not-affected (5.14.0+dfsg-1)
More Information

Updated: 2020-01-29 18:27:59 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)