Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-vssn-bxyz-3qex
Summary
Improper Input Validation
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
Aliases
0
alias CVE-2010-1587
1
alias GHSA-v2c9-9m8v-8jjm
Fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-web-console@5.3.2
purl pkg:maven/org.apache.activemq/activemq-web-console@5.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18k1-3h2s-8uex
1
vulnerability VCID-37ws-cqf7-4udm
2
vulnerability VCID-f5x2-zvxa-yba5
3
vulnerability VCID-fb7w-5fvt-zqe3
4
vulnerability VCID-k4jb-36cp-1fc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-web-console@5.3.2
Affected_packages
0
url pkg:maven/org.apache.activemq/activemq-web-console@5.0.0
purl pkg:maven/org.apache.activemq/activemq-web-console@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18k1-3h2s-8uex
1
vulnerability VCID-37ws-cqf7-4udm
2
vulnerability VCID-f5x2-zvxa-yba5
3
vulnerability VCID-fb7w-5fvt-zqe3
4
vulnerability VCID-k4jb-36cp-1fc4
5
vulnerability VCID-vssn-bxyz-3qex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-web-console@5.0.0
1
url pkg:maven/org.apache.activemq/activemq-web-console@5.1.0
purl pkg:maven/org.apache.activemq/activemq-web-console@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18k1-3h2s-8uex
1
vulnerability VCID-37ws-cqf7-4udm
2
vulnerability VCID-f5x2-zvxa-yba5
3
vulnerability VCID-fb7w-5fvt-zqe3
4
vulnerability VCID-k4jb-36cp-1fc4
5
vulnerability VCID-vssn-bxyz-3qex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-web-console@5.1.0
2
url pkg:maven/org.apache.activemq/activemq-web-console@5.2.0
purl pkg:maven/org.apache.activemq/activemq-web-console@5.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18k1-3h2s-8uex
1
vulnerability VCID-37ws-cqf7-4udm
2
vulnerability VCID-f5x2-zvxa-yba5
3
vulnerability VCID-fb7w-5fvt-zqe3
4
vulnerability VCID-k4jb-36cp-1fc4
5
vulnerability VCID-vssn-bxyz-3qex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-web-console@5.2.0
3
url pkg:maven/org.apache.activemq/activemq-web-console@5.3.0
purl pkg:maven/org.apache.activemq/activemq-web-console@5.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18k1-3h2s-8uex
1
vulnerability VCID-37ws-cqf7-4udm
2
vulnerability VCID-f5x2-zvxa-yba5
3
vulnerability VCID-fb7w-5fvt-zqe3
4
vulnerability VCID-k4jb-36cp-1fc4
5
vulnerability VCID-vssn-bxyz-3qex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-web-console@5.3.0
4
url pkg:maven/org.apache.activemq/activemq-web-console@5.3.1
purl pkg:maven/org.apache.activemq/activemq-web-console@5.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18k1-3h2s-8uex
1
vulnerability VCID-37ws-cqf7-4udm
2
vulnerability VCID-f5x2-zvxa-yba5
3
vulnerability VCID-fb7w-5fvt-zqe3
4
vulnerability VCID-k4jb-36cp-1fc4
5
vulnerability VCID-vssn-bxyz-3qex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-web-console@5.3.1
References
0
reference_url http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0278.html
reference_id
reference_type
scores
url http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0278.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1587.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1587.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-1587
reference_id
reference_type
scores
0
value 0.75383
scoring_system epss
scoring_elements 0.98886
published_at 2026-04-09T12:55:00Z
1
value 0.75383
scoring_system epss
scoring_elements 0.98881
published_at 2026-04-02T12:55:00Z
2
value 0.75383
scoring_system epss
scoring_elements 0.98888
published_at 2026-04-12T12:55:00Z
3
value 0.75383
scoring_system epss
scoring_elements 0.98879
published_at 2026-04-01T12:55:00Z
4
value 0.75383
scoring_system epss
scoring_elements 0.98885
published_at 2026-04-07T12:55:00Z
5
value 0.75383
scoring_system epss
scoring_elements 0.98882
published_at 2026-04-04T12:55:00Z
6
value 0.75634
scoring_system epss
scoring_elements 0.98901
published_at 2026-04-13T12:55:00Z
7
value 0.77939
scoring_system epss
scoring_elements 0.99011
published_at 2026-04-21T12:55:00Z
8
value 0.77939
scoring_system epss
scoring_elements 0.9901
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-1587
3
reference_url http://secunia.com/advisories/39567
reference_id
reference_type
scores
url http://secunia.com/advisories/39567
4
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
5
reference_url https://github.com/apache/activemq/commit/aadd17ab7b6b6a664322538d25ee96dad67616e0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/aadd17ab7b6b6a664322538d25ee96dad67616e0
6
reference_url https://github.com/apache/activemq/compare/activemq-5.3.1...activemq-parent-5.3.2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/compare/activemq-5.3.1...activemq-parent-5.3.2
7
reference_url https://github.com/apache/activemq/tree/main/activemq-web-console/src/main/webapp
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/tree/main/activemq-web-console/src/main/webapp
8
reference_url https://issues.apache.org/activemq/browse/AMQ-2700
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/activemq/browse/AMQ-2700
9
reference_url https://web.archive.org/web/20100426064914/http://www.vupen.com/english/advisories/2010/0979
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20100426064914/http://www.vupen.com/english/advisories/2010/0979
10
reference_url https://web.archive.org/web/20100702082040/http://secunia.com/advisories/39567
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20100702082040/http://secunia.com/advisories/39567
11
reference_url https://web.archive.org/web/20150314050810/http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0278.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150314050810/http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0278.html
12
reference_url https://web.archive.org/web/20200228044456/http://www.securityfocus.com/bid/39636
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228044456/http://www.securityfocus.com/bid/39636
13
reference_url https://web.archive.org/web/20201208002259/http://www.securityfocus.com/archive/1/510896/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208002259/http://www.securityfocus.com/archive/1/510896/100/0/threaded
14
reference_url http://www.osvdb.org/64020
reference_id
reference_type
scores
url http://www.osvdb.org/64020
15
reference_url http://www.securityfocus.com/archive/1/510896/100/0/threaded
reference_id
reference_type
scores
url http://www.securityfocus.com/archive/1/510896/100/0/threaded
16
reference_url http://www.securityfocus.com/bid/39636
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/39636
17
reference_url http://www.vupen.com/english/advisories/2010/0979
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2010/0979
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=587417
reference_id 587417
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=587417
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4-snapshot:*:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:activemq:5.4-snapshot:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4-snapshot:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-1587
reference_id CVE-2010-1587
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-1587
26
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33868.txt
reference_id CVE-2010-1587;OSVDB-64020
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33868.txt
27
reference_url https://www.securityfocus.com/bid/39636/info
reference_id CVE-2010-1587;OSVDB-64020
reference_type exploit
scores
url https://www.securityfocus.com/bid/39636/info
28
reference_url https://github.com/advisories/GHSA-v2c9-9m8v-8jjm
reference_id GHSA-v2c9-9m8v-8jjm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v2c9-9m8v-8jjm
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
0
date_added 2010-04-22
description Apache ActiveMQ 5.2/5.3 - Source Code Information Disclosure
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2010-04-22
exploit_type remote
platform multiple
source_date_updated 2014-06-25
data_source Exploit-DB
source_url https://www.securityfocus.com/bid/39636/info
1
date_added null
description 
This module exploits a directory traversal vulnerability in Apache ActiveMQ
          5.3.1 and 5.3.2 on Windows systems. The vulnerability exists in the Jetty's
          ResourceHandler installed with the affected versions. This module has been tested
          successfully on ActiveMQ 5.3.1 and 5.3.2 over Windows 2003 SP2.
required_action null
due_date null
notes 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/http/apache_activemq_traversal.rb
Severity_range_score4.0 - 6.9
Exploitability2.0
Weighted_severity6.2
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-vssn-bxyz-3qex