CVE-2010-1587
medium
CVSS v3
-
CVSS v4 NEW
-
VIR risk
6.0
Description
Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
Predictions
Exploit likelihood
20%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Metasploit modules
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.activemq:activemq-web-console | >=5.0.0,<5.3.2 | 5.3.2 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0278.html
- http://secunia.com/advisories/39567
- http://www.osvdb.org/64020
- http://www.securityfocus.com/archive/1/510896/100/0/threaded
- http://www.securityfocus.com/bid/39636
- http://www.vupen.com/english/advisories/2010/0979
- https://issues.apache.org/activemq/browse/AMQ-2700
- https://nvd.nist.gov/vuln/detail/CVE-2010-1587
- https://github.com/apache/activemq/commit/aadd17ab7b6b6a664322538d25ee96dad67616e0
- https://github.com/apache/activemq
- https://github.com/apache/activemq/compare/activemq-5.3.1...activemq-parent-5.3.2
- https://github.com/apache/activemq/tree/main/activemq-web-console/src/main/webapp
- https://web.archive.org/web/20100426064914/http://www.vupen.com/english/advisories/2010/0979
- https://web.archive.org/web/20100702082040/http://secunia.com/advisories/39567
- https://web.archive.org/web/20150314050810/http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0278.html
- https://web.archive.org/web/20200228044456/http://www.securityfocus.com/bid/39636
- https://web.archive.org/web/20201208002259/http://www.securityfocus.com/archive/1/510896/100/0/threaded
CWEs
CWE-20