The Jetty ResourceHandler in Apache ActiveMQ 5.x prior to 5.3.2 and 5.4.x prior to 5.4.0 allows remote malicious users to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache activemq 5.3.0 |
||
apache activemq 5.3.1 |
||
apache activemq 5.0.0 |
||
apache activemq 5.4-snapshot |
||
apache activemq 5.1.0 |
||
apache activemq 5.2.0 |