45 matches found
EUVD-2020-0539
Malware in sbrugna...
CVE-2019-17572
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversa...
Apache RocketMQ < 4.9.6 / 5.0.x < 5.1.1 RCE
The version of Apache RocketMQ installed on the remote host is prior to 4.9.6 or 5.1.1. It is, therefore, affected by a remote code execution vulnerability. - For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of...
CVE-2023-33246
A vulnerability was found in Apache RocketMQ where, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. This flaw allows an attacker to use...
New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking
Misconfigured and vulnerable Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software. "Perfctl is particularly elusive and persistent, employing several sophisticated...
Apache RocketMQ < 5.3.0 Information Disclosure (CVE-2024-23321)
For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist...
Apache RocketMQ Information Disclosure Vulnerability
Apache RocketMQ is the United States Apache Apache Foundation of a lightweight data processing platform and messaging engine. An information disclosure vulnerability exists in Apache RocketMQ, which can be exploited by an attacker to obtain an administrator's account and password via a specific...
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist...
GHSA-Q9W2-H4CW-8GHP Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist...
CVE-2024-23321
For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist...
CVE-2024-23321 Apache RocketMQ: Unauthorized Exposure of Sensitive Data
For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist...
CVE-2024-23321
CVE-2024-23321 affects RocketMQ 5.2.0 and earlier, where under certain conditions an attacker with regular user privileges (or IP whitelist-listed) can disclose administrator credentials via specific interfaces, gaining full control if they can access the broker IP address list. The risk arises d...
CVE-2024-23321 Apache RocketMQ: Unauthorized Exposure of Sensitive Data
For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist...
Muhstik Botnet Exploits Apache RocketMQ Flaw in Latest Operations
...
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Muhstik botnet exploits a critical Apache RocketMQ flaw CVE-2023-33246 for remote code execution, targeting Linux servers and IoT devices for DDoS attacks and cryptocurrency mining. Infection involves executing a shell script from a remote IP, downloading the Muhstik malware binary "pty3", and...
Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Apache RocketMQ
Summary Vulnerabilities in Apache RocketMQ were remediated in IBM Observability with Instana build 255. Vulnerability Details CVEID:CVE-2023-33246 DESCRIPTION: Apache RocketMQ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when using the update...
Apache RocketMQ < 4.9.7 / 5.x < 5.1.2 RCE (CVE-2023-37582)
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 4.9.6 / 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...
Apache RocketMQ 4.2.0 < 4.6.1 Directory Traversal (CVE-2023-37582)
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like ../../../../topic2020 is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal...
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246 - RocketMQ Remote Code Execution CVE-2023-33246...
Apache RocketMQ Detection
Binary data apacherocketmqdetect.nbin...