Critical severity9.8CISA KEVNVD Advisory· Published Jun 1, 2016· Updated Jun 17, 2026
CVE-2016-3088
CVE-2016-3088
Description
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.activemq:activemq-clientMaven | >= 5.0.0, < 5.14.0 | 5.14.0 |
Affected products
2Patches
Vulnerability mechanics
References
19- lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3EnvdMailing ListPatchWEB
- www.exploit-db.com/exploits/42283/nvdExploitThird Party AdvisoryVDB Entry
- activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txtnvdVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-2036.htmlnvdThird Party AdvisoryWEB
- www.securitytracker.com/id/1035951nvdBroken LinkThird Party AdvisoryVDB EntryWEB
- www.zerodayinitiative.com/advisories/ZDI-16-356nvdThird Party AdvisoryVDB EntryWEB
- www.zerodayinitiative.com/advisories/ZDI-16-357nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-rxqh-fc23-gxp2ghsaADVISORY
- lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3EnvdMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2016-3088ghsaADVISORY
- github.com/apache/activemq/commit/3dd86d04e8b90ba309819317d19e7260d414d9e7ghsaWEB
- issues.apache.org/jira/browse/AMQ-6276ghsaWEB
- lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3EghsaWEB
- lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3EnvdIssue TrackingMailing ListWEB
- lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a@%3Cusers.activemq.apache.org%3EghsaWEB
- lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3EghsaWEB
- stackoverflow.com/questions/67140241/configuring-activemq-webconsole-to-redirect-http-to-httpsghsaWEB
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government ResourceWEB
- www.exploit-db.com/exploits/42283ghsaWEB
News mentions
0No linked articles in our index yet.