CVE-2015-1830

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ 5.x before 5.11.2 for Windows. It uploads a JSP payload via an HTTP PUT request using default credentials (admin:admin) and executes it via an HTTP GET request to obtain a reverse shell.

The exploit demonstrates a directory traversal vulnerability in Apache ActiveMQ's fileserver functionality on Windows systems, allowing arbitrary file uploads and remote code execution via JSP shell deployment. It bypasses security constraints by overwriting configuration files and leveraging path traversal with '..\'.

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ 5.x before 5.11.2 for Windows. It uploads a JSP payload via an HTTP PUT request using default credentials (admin:admin) and executes it via an HTTP GET request to achieve remote code execution.