157 matches found
Design/Logic Flaw
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
UBUNTU-CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
CVE-2023-46604 Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
CVE-2023-46604 Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
CVE-2023-46604
CVE-2023-46604 – Apache ActiveMQ OpenWire deserialization RCE has concrete details in connected sources: the Java OpenWire protocol marshaller is vulnerable to remote code execution. A remote attacker with network access to a Java-based OpenWire broker or client can execute arbitrary shell comman...
Exploit for Deserialization of Untrusted Data in Apache Activemq
ActiveMQ-RCE English Version https://github.com/X1r0z/Act...
PT-2023-6605
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.15.16; Apache ActiveMQ versions 5.16.x through 5.16.6; Apache ActiveMQ versions 5.17.x through 5.17.5; Apache ActiveMQ versions 5.18.x through 5.18.2; Bamboo Data Center (affected versions not specified); Bamboo...
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
Apache ActiveMQ Code Issue Vulnerability
Apache ActiveMQ is a set of open source messaging middleware from the Apache Foundation (United States) that supports Java messaging services, clustering, Spring Framework and so on. Apache ActiveMQ has a deserialization vulnerability; the vulnerability stems from the application in...
SUSE CVE-2013-6339
The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (loop) via a crafted packet...
GHSA-9WCX-326R-7J7W Denial of Service in Apache ActiveMQ
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests...
Denial of Service in Apache ActiveMQ
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests...
GHSA-7QM4-P377-FR2R ActiveMQ's OpenWire protocol exposes certain system details as plain text
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details such as the OS and kernel version are exposed as plain text...
ActiveMQ's OpenWire protocol exposes certain system details as plain text
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details such as the OS and kernel version are exposed as plain text...
com.io7m.jsay:com.io7m.jsay (=0.0.2), io.fabric8.ipaas.apps:artemis (>=2.2.94 <=2.2.96) +10 more potentially affected by CVE-2021-26118 via org.apache.activemq:artemis-openwire-protocol (>=1.0.0 <=2.15.0)
org.apache.activemq:artemis-openwire-protocol MAVEN version =1.0.0, =2.2.94, =2.2.90, =2.2.97, =2.2.97, =2.2.94, =2.2.90, =2.2.97, =2.2.94, =0.1.0, =0.1.0, =1.0.0, =2.15.0 Source cves: CVE-2021-26118 Source advisory: OSV:GHSA-Q7FR-VQHQ-V5XR...
Debian DLA-2583-1 : activemq security update
Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709 When using the OpenWire protocol in activemq, it was found that certain system details such as the OS and kernel version are exposed as plain text. CVE-2018-11775 TLS hostname...
CVE-2021-26118
A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity. Mitigation If you are not usin...
7: OpenWire can create destinations with an unprivileged user
A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity...