| Reporter | Title | Published | Views | Family All 27 |
|---|---|---|---|---|
| Exploit for CVE-2026-34197 | 8 Apr 202620:07 | – | githubexploit | |
| Apache ActiveMQ 6.x < 6.1.2 Insecure Web API Vulnerability | 3 May 202400:00 | – | nessus | |
| The vulnerability of the interface configurations of the Jolokia JMX REST API and the Message REST API of the Apache ActiveMQ software platform allows a perpetrator to gain access to read, modify, or delete information. | 6 May 202400:00 | – | bdu_fstec | |
| CVE-2024-32114 | 4 May 202414:36 | – | circl | |
| Apache ActiveMQ 安全漏洞 | 2 May 202400:00 | – | cnnvd | |
| Apache ActiveMQ Authentication Bypass Vulnerability | 6 May 202400:00 | – | cnvd | |
| CVE-2024-32114 | 2 May 202408:29 | – | cve | |
| CVE-2024-32114 Apache ActiveMQ: Jolokia and REST API were not secured with default configuration | 2 May 202408:29 | – | cvelist | |
| CVE-2024-32114 | 2 May 202408:29 | – | debiancve | |
| EUVD-2024-1626 | 3 Oct 202520:07 | – | euvd |
id: CVE-2024-32114
info:
name: Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control
author: ChrisJr404
severity: high
description: |
Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication.
impact: |
Unauthenticated users can interact with the broker, potentially producing, consuming, or deleting messages and accessing sensitive management APIs.
remediation: |
Upgrade to Apache ActiveMQ 6.1.2 or later, or update `conf/jetty.xml` to require authentication on the `/api/` web context.
reference:
- https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt
- https://github.com/vulhub/vulhub/tree/master/activemq/CVE-2024-32114
- https://github.com/advisories/GHSA-gj5m-m88j-v7c3
- https://nvd.nist.gov/vuln/detail/CVE-2024-32114
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2024-32114
cwe-id: CWE-1188
epss-score: 0.0692
epss-percentile: 0.93331
metadata:
verified: true
max-request: 2
vendor: apache
product: activemq
shodan-query: http.title:"ActiveMQ"
fofa-query: title="ActiveMQ"
tags: cve,cve2024,activemq,apache,jolokia,vkev
http:
- method: GET
path:
- "{{BaseURL}}/api/jolokia/search/org.apache.activemq:type=Broker,*"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "request\":{", "type=Broker", "mbean\":", "org.apache.activemq")'
- 'contains(content_type, "text/plain")'
- 'status_code == 200'
condition: and
# digest: 490a00463044022079e42479496bff0912fb279c900df58cfbee7462dc7010da950fab54ae48202402202494676c082d05949f3ff311f2cf9431a346a4945af2bdfa2dcf249bbe0f711f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation