3,000+ Apache ActiveMQ Servers Vulnerable to RCE Attacks

by Esmeralda McKenzie

More than 3,000 Apache ActiveMQ servers exposed to the internet are at risk due to a critical remote code execution (RCE) vulnerability identified as CVE-2023-46604.

The most widely used open-source, multi-protocol, Java-based message broker is Apache ActiveMQ. It is compatible with industry-standard protocols, allowing users to take advantage of client choices across a variety of languages and platforms.


Clients written in JavaScript, C, C++, Python, .NET, and other languages can connect to it. It supports several protocols, including STOMP, AMQP, MQTT, and OpenWire. With its power and flexibility, ActiveMQ can handle any messaging use case.

Details of the Critical RCE Flaw

Exploiting the serialized class types within the OpenWire protocol, CVE-2023-46604 is a critical severity RCE with a CVSS v3 score of 10.0 that enables attackers to execute arbitrary shell commands.


“The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath,” ShadowServer reports.

ShadowServer said that 7,249 servers have ActiveMQ services accessible. Of these, 3,329 were found to be running an ActiveMQ version that leaves them vulnerable to remote code execution attacks.

The majority of the vulnerable servers, 1,400, are located in China, with 530 in the US and 153 in Germany. There are 100 vulnerable servers in other countries, including South Korea, the Netherlands, Russia, the United Kingdom, and India.

Affected Versions

  • Apache ActiveMQ 5.18.0 before 5.18.3
  • Apache ActiveMQ 5.17.0 before 5.17.6
  • Apache ActiveMQ 5.16.0 before 5.16.7
  • Apache ActiveMQ before 5.15.16
  • Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
  • Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
  • Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
  • Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16

Fixes Available

It is recommended that users upgrade to 5.15.16, 5.16.7, 5.17.6, or 5.18.3, since these versions resolve this issue.
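To triage a broker inventory against the affected ranges and fixed releases listed above, the following added example (not from the original article or the ActiveMQ project) classifies each reported version. The hostnames and version strings are constructed; versions outside the listed ranges are reported as "not listed" rather than assumed safe.

```python
import re

# (first release of the range, first fixed release), from the Affected Versions
# list above. The 5.15.x entry has no stated lower bound for the broker itself.
RANGES = [
    ((5, 18, 0), (5, 18, 3)),
    ((5, 17, 0), (5, 17, 6)),
    ((5, 16, 0), (5, 16, 7)),
    ((0, 0, 0), (5, 15, 16)),
]

def parse_version(text):
    """Parse 'X.Y.Z' (suffixes such as '-SNAPSHOT' are ignored) into a tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def assess(version_text):
    """Return (status, fixed_release) for one reported broker version."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return ("unknown", None)      # needs manual review, do not assume safe
    for first, fixed in RANGES:
        if first <= version < fixed:
            return ("affected", ".".join(map(str, fixed)))
    return ("not listed", None)       # outside the ranges the article lists

def triage(inventory):
    """Map host -> (status, fixed_release) for a {host: version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "mq-01.example.internal": "5.18.2",
    "mq-02.example.internal": "5.18.3",
    "mq-03.example.internal": "5.15.9",
    "mq-04.example.internal": "5.17.5-SNAPSHOT",
    "mq-05.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, (status, fixed) in triage(SAMPLE).items():
        note = f" -> upgrade to {fixed}" if fixed else ""
        print(f"{host}: {status}{note}")
```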

Source credit : cybersecuritynews.com
