CVE-2015-1830

Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-1830. PoCs published by Metasploit, David Jorm, Erik Wynter, including Metasploit module exploits/windows/http/apache_activemq_traversal_upload.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ 5.x before 5.11.2 for Windows. It uploads a JSP payload via an HTTP PUT request using default credentials (admin:admin) and executes it via an HTTP GET request to obtain a reverse shell.

Description

Directory traversal vulnerability in the fileserver upload/download functionality for blob messages in Apache ActiveMQ 5.x before 5.11.2 for Windows allows remote attackers to create JSP files in arbitrary directories via unspecified vectors.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/48181

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ 5.x before 5.11.2 for Windows. It uploads a JSP payload via an HTTP PUT request using default credentials (admin:admin) and executes it via an HTTP GET request to obtain a reverse shell.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Apache ActiveMQ 5.x before 5.11.2
Auth required
Prerequisites: Network access to the target · Valid credentials (default: admin:admin) · Target running vulnerable version of Apache ActiveMQ
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
remotewindows
https://www.exploit-db.com/exploits/40857

The exploit demonstrates a directory traversal vulnerability in Apache ActiveMQ's fileserver functionality on Windows systems, allowing arbitrary file uploads and remote code execution via JSP shell deployment. It bypasses security constraints by overwriting configuration files and leveraging path traversal with '..\'.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Apache ActiveMQ (versions affected by CVE-2015-1830)
Auth required
Prerequisites: Access to the ActiveMQ fileserver endpoint · Ability to send HTTP PUT requests · Windows target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by David Jorm, Erik Wynter · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/apache_activemq_traversal_upload.rb

This Metasploit module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ 5.x before 5.11.2 for Windows. It uploads a JSP payload via an HTTP PUT request using default credentials (admin:admin) and executes it via an HTTP GET request to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Apache ActiveMQ 5.x before 5.11.2
Auth required
Prerequisites: Network access to the target · Valid credentials (default: admin:admin) · Target running vulnerable version of Apache ActiveMQ
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76452
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-407
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-407/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033315

Scores

EPSS 0.8602
EPSS Percentile 99.4%

Details

CWE
CWE-22
Status published
Products (23)
apache/activemq 5.0.0
apache/activemq 5.1.0
apache/activemq 5.2.0
apache/activemq 5.3.0
apache/activemq 5.3.1
apache/activemq 5.3.2
apache/activemq 5.4.0
apache/activemq 5.4.1
apache/activemq 5.4.2
apache/activemq 5.4.3
... and 13 more
Published Aug 19, 2015
Tracked Since Feb 18, 2026