157 matches found
Exploit for Deserialization of Untrusted Data in Apache ActiveMQ
CVE-2023-46604 Analysis: The cause of Apache ActiveMQ CVE-2023-46604,...
MiracleLinux 4 : wireshark-1.8.10-7.AXS4 (AXSA:2014-223:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-223:02 advisory. Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library,...
Unity Linux 20.1070e Security Update: activemq (UTSA-2025-993345)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993345 advisory. Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly...
BIT-ACTIVEMQ-2025-27533 Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memor...
BIT-ACTIVEMQ-2023-46604 Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
ROS-20251031-03
A vulnerability in the Apache ActiveMQ software platform is related to the recovery of invalid data in memory data. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by creating an OpenWire class...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.13.2 release and security update
Red Hat AMQ Broker 7.13.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
ActiveMQ: ActiveMQ: Unvalidated Buffer Size Allocation
A flaw was found in Apache ActiveMQ. This vulnerability allows denial of service by depleting process memory via unmarshalling OpenWire commands without proper size validation when not using mutual TLS connections...
EUVD-2013-6165
Malware in sbrugna...
EUVD-2021-1379
Malware in sbrugna...
EUVD-2025-11871
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-26118
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed...
Linux Distros Unpatched Vulnerability : CVE-2025-27533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not proper...
The vulnerability of the command processor in the OpenWire software platform from Apache ActiveMQ, which allows an attacker to cause a service failure.
The vulnerability of the OpenWire command processor in the Apache ActiveMQ software platform lies in the lack of control over the data entered by users. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially crafted packets...
OESA-2025-1507 activemq security update
The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to...
Apache ActiveMQ 6.1.6 Denial of Service
Apache ActiveMQ version 6.1.6 denial of service proof of concept exploit. This tool sends malicious OpenWire packets to exhaust the JVM heap memory of the target server, potentially crashing the ActiveMQ service on port 61616...
Apache ActiveMQ 5.16.x < 5.16.8 / 5.17.x < 5.17.7 / 5.18.x < 5.18.7 / 6.x < 6.1.6 DoS (CVE-2025-27533)
The version of Apache ActiveMQ running on the remote host is 5.16.x prior to 5.16.8, 5.17.x prior to 5.17.7, 5.18.x prior to 5.18.7, or 6.x prior to 6.1.6. It is, therefore, affected by a denial of service vulnerability: - During unmarshalling of OpenWire commands the size value of buffers was no...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=1.1.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=1.0.0 <=5.2.1) +12 more potentially affected by CVE-2025-46827 via org.graylog2:graylog2-server (>=1.0.0-beta.3 <=6.0.13)
org.graylog2:graylog2-server MAVEN version =1.0.0-beta.3, =1.1.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =2.2.0, =1.1.0, =2.2.0, =2.2.0, =1.0.3, =1.0.0, =1.2.0, =1.3.4 Source cves: CVE-2025-46827 Source advisory: OSV:GHSA-76VF-MPMX-777J...
be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +77 more potentially affected by CVE-2025-27533 via org.apache.activemq:activemq-openwire-legacy (>=6.0.0 <=6.1.5)
org.apache.activemq:activemq-openwire-legacy MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =6.0.0, =6.1.5 and more Source cves: CVE-2025-27533 Source advisory: OSV:GHSA-WHXR-3P84-RF3C...
be.yildiz-games:module-messaging-activemq (=2.0.0), com.codbex.atlas:codbex-atlas-application (>=1.1.0 <=2.108.0) +77 more potentially affected by CVE-2025-27533 via org.apache.activemq:activemq-openwire-legacy (>=6.0.0 <=6.1.5)
org.apache.activemq:activemq-openwire-legacy MAVEN version =6.0.0, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.2.2, =1.4.0, =6.0.0, =6.1.5 and more Source cves: CVE-2025-27533 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-10074038...