This update introduces an exploit for Apache ActiveMQ. The vulnerable versions present a path traversal vulnerability in default instalations that allows writing files to arbitrary filesystem locations, with the permissions of the user running the ActiveMQ process. This module leverages the vulnerability to install an agent. This exploit doesn't require authentication. The vulnerability is only present when the application is running in a Windows system.
Thursday, October 1, 2015 - 00:00