[
https://issues.apache.org/jira/browse/AMQ-7465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17082213#comment-17082213
]
Bhavana edited comment on AMQ-7465 at 4/13/20, 10:19 AM:
---------------------------------------------------------
Above security vulnerability is detected in our server during the nesus scan.
We are using 8162 port in our application.Could you please suggest us how to
fix this issue.It is above high alert
was (Author: xvanbha):
Above security vulnerability is detected in our server during the nesus scan.
We are using 8162 port in our application.Could you please suggest us how to
fix this issue.
> Xerver Double Slash Authentication Bypass detected on ActiveMQ directory
> ------------------------------------------------------------------------
>
> Key: AMQ-7465
> URL: https://issues.apache.org/jira/browse/AMQ-7465
> Project: ActiveMQ
> Issue Type: Bug
> Components: Security/JAAS
> Affects Versions: 5.14.5
> Reporter: Bhavana
> Priority: Critical
>
> Xerver Double Slash Authentication Bypass detected on ActiveMQ directory.
> The version of Xerver installed on the remote host is affected by an
> authentication bypass vulnerability. It is possible to access protected web
> directories without authentication by prepending the directory with an extra
> '/'character, as long as the directory is not recursively protected.
> A remote, unauthenticated attacker can leverage this issue to gain access to
> protected web directories.
> Nessus was able to reproduce the issue using the following URL :
> [https://seliiuapp11022.seli.gic.ericsson.se:8162//admin/]
> We have assigned 8162 port for activemq GUI in our applications
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
