CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41678 – Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
https://notcve.org/view.php?id=CVE-2022-41678
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through refection. This could lead to RCE through via various mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. • https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl https://security.netapp.com/advisory/ntap-20240216-0004 https://www.openwall.com/lists/oss-security/2023/11/28/1 https://access.redhat.com/security/cve/CVE-2022-41678 https://bugzilla.redhat.com/show_bug.cgi?id=2252185 • CWE-287: Improper Authentication CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 97%CPEs: 12EXPL: 15CVE-2023-46604 – Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue. Apache ActiveMQ es vulnerable a la ejecución remota de código. La vulnerabilidad puede permitir que un atacante remoto con acceso a la red de un corredor ejecute comandos de shell arbitrarios manipulando tipos de clases serializadas en el protocolo OpenWire para hacer que el corredor cree una instancia de cualquier clase en el classpath. Se recomienda a los usuarios actualizar a la versión 5.15.16, 5.16.7, 5.17.6 o 5.18.3, que soluciona este problema. • https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ https://github.com/sule01u/CVE-2023-46604 https://github.com/mrpentst/CVE-2023-46604 https://github.com/ST3G4N05/ExploitScript-CVE-2023-46604 https://github.com/evkl1d/CVE-2023-46604 https://github.com/duck-sec/CVE-2023-46604-ActiveMQ-RCE-pseudoshell https://github.com/justdoit-cai/CVE-2023-46604-Apache-ActiveMQ-RCE-exp https://github.com/h3x3h0g/ActiveMQ-RCE-CVE-2023-46604-Write-up https://github.com • CWE-502: Deserialization of Untrusted Data •