Moderate severity · NVD Advisory · Published Aug 19, 2015 · Updated May 6, 2026
CVE-2015-1830
Description
Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.activemq:activemq-client (Maven) | >= 5.0.0, < 5.11.2 | 5.11.2 |
Affected products
- cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*
Patches
729c4731574f: https://issues.apache.org/jira/browse/AMQ-5754 - better filename guard fix
1 file changed · +3 −1
activemq-fileserver/src/main/java/org/apache/activemq/util/FilenameGuardFilter.java+3 −1 modified@@ -17,6 +17,7 @@ package org.apache.activemq.util; import java.io.IOException; +import java.nio.file.FileSystems; import javax.servlet.Filter; import javax.servlet.FilterChain; @@ -60,7 +61,8 @@ public GuardedHttpServletRequest(HttpServletRequest httpRequest) { } private String guard(String filename) { - String guarded = filename.replace(":", "_").replace("\\", "").replace("/", ""); + String guarded = filename.replace(":", "_"); + guarded = FileSystems.getDefault().getPath(guarded).normalize().toString(); if (LOG.isDebugEnabled()) { LOG.debug("guarded " + filename + " to " + guarded); }
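Review bot: In `guard()`, `normalize()` is not a containment check: on a relative path it keeps leading `..` elements, and nothing in this hunk verifies that the result stays inside the file server's base directory. Resolve the name against the base directory and reject the request unless the normalized result still starts with that base. `FileSystems.getDefault().getPath(...)` can also throw `InvalidPathException` for names the platform rejects, and nothing in the hunk catches it, so decide whether that should be turned into an explicit client error instead of an unhandled exception.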
9fd5cb7dfe0f: https://issues.apache.org/jira/browse/AMQ-5754 - disable file server by default
3 files changed · +6 −3
activemq-fileserver/src/main/java/org/apache/activemq/util/FilenameGuardFilter.java+1 −1 modified@@ -60,7 +60,7 @@ public GuardedHttpServletRequest(HttpServletRequest httpRequest) { } private String guard(String filename) { - String guarded = filename.replace(":", "_"); + String guarded = filename.replace(":", "_").replace("\\", "").replace("/", ""); if (LOG.isDebugEnabled()) { LOG.debug("guarded " + filename + " to " + guarded); }
activemq-fileserver/src/main/webapp/index.html+2 −2 modified@@ -16,14 +16,14 @@ --> <html> <head> -<title>ActiveMQ Console</title> +<title>ActiveMQ File server</title> </head> <body> <h1>RESTful file access</h1> <p> - This webapp provides RESTful file access. + This webapp provides RESTful file access for <a href="http://activemq.apache.org/blob-messages.html">blob messages</a>. It's disabled by default, please take a look at web server configuration on how to enable it. </p> </body>
assembly/src/release/conf/jetty.xml+3 −0 modified@@ -65,12 +65,15 @@ <property name="resourceBase" value="${activemq.home}/webapps/admin" /> <property name="logUrlOnStart" value="true" /> </bean> + <!-- Enable embedded file server for Blob messages --> + <!-- <bean class="org.eclipse.jetty.webapp.WebAppContext"> <property name="contextPath" value="/fileserver" /> <property name="resourceBase" value="${activemq.home}/webapps/fileserver" /> <property name="logUrlOnStart" value="true" /> <property name="parentLoaderPriority" value="true" /> </bean> + --> <bean class="org.eclipse.jetty.webapp.WebAppContext"> <property name="contextPath" value="/api" /> <property name="resourceBase" value="${activemq.home}/webapps/api" />
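Review bot: In `FilenameGuardFilter.guard()`, deleting every `\` and `/` flattens the whole path into a single name, so a nested path loses its directories and distinct inputs can collide (`a/b` and `ab` both become `ab`). If subdirectories are meant to be supported, validate each path segment and reject `..` instead of deleting separators; if they are not, say so in a comment on the method.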
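Review bot: In `assembly/src/release/conf/jetty.xml`, commenting out the `/fileserver` `WebAppContext` only changes the shipped default, so an installation that keeps its existing `jetty.xml` across an upgrade still has the context enabled. The added comment `Enable embedded file server for Blob messages` should also state why the bean is off by default, and the upgrade notes should tell operators who do not use blob messages to remove or comment out the bean in their own configuration.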
References
- github.com/advisories/GHSA-3v63-f83x-37x4 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-1830 (ghsa, ADVISORY)
- activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt (nvd, WEB)
- packetstormsecurity.com/files/156643/Apache-ActiveMQ-5.11.1-Directory-Traversal-Shell-Upload.html (nvd, WEB)
- www.securityfocus.com/bid/76452 (nvd, WEB)
- www.securitytracker.com/id/1033315 (nvd, WEB)
- www.zerodayinitiative.com/advisories/ZDI-15-407 (nvd, WEB)
- github.com/apache/activemq/commit/729c4731574ffffaf58ebefdbaeb3bd19ed1c7b7 (ghsa, WEB)
- github.com/apache/activemq/commit/9fd5cb7dfe0fcc431f99d5e14206e0090e72f36b (ghsa, WEB)
- issues.apache.org/jira/browse/AMQ-5754 (ghsa, WEB)
- lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E (nvd, WEB)
- lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E (ghsa, WEB)
- www.zerodayinitiative.com/advisories/ZDI-15-407/ (nvd)