16 results (0.067 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through refection. This could lead to RCE through via various mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. • https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl https://security.netapp.com/advisory/ntap-20240216-0004 https://www.openwall.com/lists/oss-security/2023/11/28/1 https://access.redhat.com/security/cve/CVE-2022-41678 https://bugzilla.redhat.com/show_bug.cgi?id=2252185 • CWE-287: Improper Authentication CWE-502: Deserialization of Untrusted Data •

CVSS: 10.0EPSS: 97%CPEs: 12EXPL: 15

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue. Apache ActiveMQ es vulnerable a la ejecución remota de código. La vulnerabilidad puede permitir que un atacante remoto con acceso a la red de un corredor ejecute comandos de shell arbitrarios manipulando tipos de clases serializadas en el protocolo OpenWire para hacer que el corredor cree una instancia de cualquier clase en el classpath. Se recomienda a los usuarios actualizar a la versión 5.15.16, 5.16.7, 5.17.6 o 5.18.3, que soluciona este problema. • https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ https://github.com/sule01u/CVE-2023-46604 https://github.com/mrpentst/CVE-2023-46604 https://github.com/ST3G4N05/ExploitScript-CVE-2023-46604 https://github.com/evkl1d/CVE-2023-46604 https://github.com/duck-sec/CVE-2023-46604-ActiveMQ-RCE-pseudoshell https://github.com/justdoit-cai/CVE-2023-46604-Apache-ActiveMQ-RCE-exp https://github.com/h3x3h0g/ActiveMQ-RCE-CVE-2023-46604-Write-up https://github.com • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.1EPSS: 4%CPEs: 4EXPL: 0

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. Se identificó una instancia de una vulnerabilidad de tipo cross-site scripting en la consola de administración basada en web en la página message.jsp de Apache ActiveMQ versiones 5.15.12 hasta 5.16.0 • http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c%40%3Cdev.activemq.apache.org%3E https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c%40%3Cusers.activemq.apache.org%3E https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12. Apache ActiveMQ usa la función LocateRegistry.createRegistry() para crear el registro RMI de JMX y vincular el servidor a la entrada "jmxrmi". • http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html https://www.oracle.com/security-alerts/cpuoct2020.html https:/& • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. Se encontró que el cliente ActiveMQ de Apache anterior a versión 5.15.5, expuso un comando de apagado remoto en clase ActiveMQConnection. Un atacante que inicio sesión en un broker comprometido podría utilizar este fallo para lograr una denegación de servicio en un cliente conectado. It was found that the Apache ActiveMQ client exposed a remote shutdown command in the ActiveMQConnection class. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559 https://issues.apache.org/jira/browse/AMQ-6470 https://access.redhat.com/security/cve/CVE-2015-7559 https://bugzilla.redhat.com/show_bug.cgi?id=1293972 • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function •