Bhavana created AMQ-7465:
----------------------------
Summary: Xerver Double Slash Authentication Bypass detected on
ActiveMQ directory
Key: AMQ-7465
URL: https://issues.apache.org/jira/browse/AMQ-7465
Project: ActiveMQ
Issue Type: Bug
Components: Security/JAAS
Affects Versions: 5.14.5
Reporter: Bhavana
Xerver Double Slash Authentication Bypass detected on ActiveMQ directory.
The version of Xerver installed on the remote host is affected by an
authentication bypass vulnerability. It is possible to access protected web
directories without authentication by prepending the directory with an extra
'/'character, as long as the directory is not recursively protected.
A remote, unauthenticated attacker can leverage this issue to gain access to
protected web directories.
Nessus was able to reproduce the issue using the following URL :
[https://seliiuapp11022.seli.gic.ericsson.se:8162//admin/]
We have assigned 8162 port for activemq GUI in our applications
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
