What is CVE-2010-1587?

CVE-2010-1587 is a vulnerability in Apache Activemq, classified under Improper Input Validation. Published 2010-04-28.

Is CVE-2010-1587 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Activemq

CVE-2010-1587

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) ad…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.779 (99.0th percentile) — read the EPSS interpretation.

Affected products

Apache Activemq — versions 5.2.0, 5.3.1, 5.3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

20100422 Apache ActiveMQ is prone to source code disclosure vulnerability. (mailing-list, x_refsource_FULLDISC)
39567 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
64020 (x_refsource_OSVDB, Exploit, vdb-entry)
20100422 Apache ActiveMQ is prone to source code disclosure vulnerability. (mailing-list, x_refsource_BUGTRAQ)
39636 (vdb-entry, x_refsource_BID)
ADV-2010-0979 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch)

Frequently asked questions

What is CVE-2010-1587?: CVE-2010-1587 is a vulnerability in Apache Activemq, classified under Improper Input Validation. Published 2010-04-28.
Is CVE-2010-1587 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.