Apache ActiveMQ
cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*
- >= 5.0.0, <= 5.13.x
This vulnerability is being actively exploited in the wild.
A remote code execution vulnerability has been identified in the Fileserver web application of Apache ActiveMQ versions 5.0.0 through 5.13.x (that is, before 5.14.0). This vulnerability allows remote attackers to upload and execute arbitrary files. The issue arises from improper input validation, enabling attackers to exploit the Fileserver's upload functionality by sending an HTTP PUT request followed by an HTTP MOVE request. The uploaded file, which can contain malicious code, is executed when the ActiveMQ service is restarted.
Exploitation of this vulnerability allows for arbitrary code execution on the server, with the executed code running in the context of the ActiveMQ process.
To reproduce this vulnerability, first upload a file through the Fileserver application using an HTTP PUT request. Then, immediately follow up with an HTTP MOVE request to execute the uploaded file. This can be automated with a script or a tool like Metasploit, which has a module available for this purpose.
The Fileserver feature has been removed in ActiveMQ version 5.14.0. For users on older versions, it is recommended to disable the Fileserver application by commenting out the relevant lines in the 'jetty.xml' configuration file.
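For hosts that cannot be upgraded or reconfigured right away, the PUT-then-MOVE sequence described above can be looked for in HTTP access logs. The following Python is an added example, not part of the original advisory or of Apache ActiveMQ. It assumes NCSA common log format lines (for example from a reverse proxy in front of the broker) and a `/fileserver/` context path; the function name and the sample log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in NCSA common log format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:15:01 +0000] "PUT /fileserver/a.txt HTTP/1.1" 204 0
198.51.100.7 - - [12/Mar/2024:10:15:03 +0000] "MOVE /fileserver/a.txt HTTP/1.1" 204 0
203.0.113.20 - - [12/Mar/2024:10:16:00 +0000] "GET /admin/ HTTP/1.1" 200 5120
203.0.113.20 - - [12/Mar/2024:10:17:00 +0000] "PUT /fileserver/report.bin HTTP/1.1" 204 0
192.0.2.44 - - [12/Mar/2024:10:20:00 +0000] "MOVE /fileserver/report.bin HTTP/1.1" 403 0
192.0.2.44 - - [12/Mar/2024:10:21:00 +0000] "MOVE /fileserver/other.bin HTTP/1.1" 404 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
PREFIX = "/fileserver/"  # assumed context path of the Fileserver web application


def find_put_then_move(log_text, window=timedelta(minutes=10)):
    """Pair each MOVE with an earlier PUT of the same Fileserver path.

    Pairs are keyed on the path alone, so a PUT and MOVE sent from different
    client addresses are still correlated. The MOVE target travels in the
    Destination header, which this log format does not record.
    """
    pending = {}  # path -> (time, ip, status) of the most recent PUT
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].lower().startswith(PREFIX):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["method"] == "PUT":
            pending[m["path"]] = (ts, m["ip"], m["status"])
        elif m["method"] == "MOVE" and m["path"] in pending:
            put_ts, put_ip, put_status = pending.pop(m["path"])
            if timedelta(0) <= ts - put_ts <= window:
                hits.append({
                    "path": m["path"], "put_ip": put_ip, "move_ip": m["ip"],
                    "delay_s": (ts - put_ts).total_seconds(),
                    # Both requests answered 2xx: treat as a likely successful write.
                    "succeeded": put_status[0] == "2" and m["status"][0] == "2",
                })
    return hits


if __name__ == "__main__":
    for hit in find_put_then_move(SAMPLE_LOG):
        print(hit)
```

Any hit on a broker that does not use the Fileserver for legitimate transfers warrants checking the host for unexpected files before the next service restart.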