35 results (0.011 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through refection. This could lead to RCE through via various mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. • https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl https://security.netapp.com/advisory/ntap-20240216-0004 https://www.openwall.com/lists/oss-security/2023/11/28/1 https://access.redhat.com/security/cve/CVE-2022-41678 https://bugzilla.redhat.com/show_bug.cgi?id=2252185 • CWE-287: Improper Authentication CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 97%CPEs: 12EXPL: 15

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue. Apache ActiveMQ es vulnerable a la ejecución remota de código. La vulnerabilidad puede permitir que un atacante remoto con acceso a la red de un corredor ejecute comandos de shell arbitrarios manipulando tipos de clases serializadas en el protocolo OpenWire para hacer que el corredor cree una instancia de cualquier clase en el classpath. Se recomienda a los usuarios actualizar a la versión 5.15.16, 5.16.7, 5.17.6 o 5.18.3, que soluciona este problema. • https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ https://github.com/sule01u/CVE-2023-46604 https://github.com/mrpentst/CVE-2023-46604 https://github.com/ST3G4N05/ExploitScript-CVE-2023-46604 https://github.com/evkl1d/CVE-2023-46604 https://github.com/duck-sec/CVE-2023-46604-ActiveMQ-RCE-pseudoshell https://github.com/justdoit-cai/CVE-2023-46604-Apache-ActiveMQ-RCE-exp https://github.com/h3x3h0g/ActiveMQ-RCE-CVE-2023-46604-Write-up https://github.com • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.1EPSS: 4%CPEs: 4EXPL: 0

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. Se identificó una instancia de una vulnerabilidad de tipo cross-site scripting en la consola de administración basada en web en la página message.jsp de Apache ActiveMQ versiones 5.15.12 hasta 5.16.0 • http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c%40%3Cdev.activemq.apache.org%3E https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c%40%3Cusers.activemq.apache.org%3E https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password. El módulo de inicio de sesión LDAP de ActiveMQ opcional puede ser configurado para usar el acceso anónimo al servidor LDAP. En este caso, para Apache ActiveMQ Artemis anterior a versión 2.16.0 y Apache ActiveMQ anterior a versiones 5.16.1 y 5.15.14, el contexto anónimo es usado para verificar una contraseña de usuario válida por error, resultando en una comprobación de la contraseña A flaw was found in activemq. When anonymous binds are enabled on the LDAP provider (zero length DN/password) and the LDAP module is configured to make use of these, client credentials are not correctly verified and authentication is effectively bypassed. • https://lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/r22cdc0fb45e223ac92bc2ceff7af92f1193dfc614c8b248534456229%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/r3341d96d8f956e878fb7b463b08d57ca1d58fec9c970aee929b58e0d%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/r519bfafd67091d0b91243efcb1c49b1eea27321355ba5594f679277d%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/r5899ece90bcae5805ad6142fdb05c58595cff19cb2e98cc58a • CWE-287: Improper Authentication •

CVSS: 9.3EPSS: 97%CPEs: 36EXPL: 3

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. • https://github.com/Al1ex/CVE-2020-26217 https://github.com/novysodope/CVE-2020-26217-XStream-RCE-POC https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2 https://lists.apache.org/thread.html/r2de526726e7f4db4a7cb91b7355070779f51a84fd985c6529c2f4e9e%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/r7c9fc255edc0b9cd9567093d131f6d33fde4c662aaf912460ef630e9%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-502: Deserialization of Untrusted Data •