Red Hat Bugzilla – Bug 1258309
CVE-2015-1830 ActiveMQ: Path traversal leading to unauthenticated RCE
Last modified: 2016-01-22 10:11:23 EST
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
*** Bug 1258297 has been marked as a duplicate of this bug. ***
This only affects the standalone version of ActiveMQ shipped with JBoss A-MQ. It is fixed in version 6.2.0.