Lucene search
K

170 matches found

GithubExploit
GithubExploit
added 2023/10/27 5:57 a.m.639 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

ActiveMQ-RCE English Versionhttps://github.com/X1r0z/Act...

10CVSS9.3AI score0.99654EPSS
Exploits31
CNNVD
CNNVD
added 2023/10/27 12:0 a.m.6 views

Apache ActiveMQ 代码问题漏洞

Apache ActiveMQ is the United States Apache Apache Foundation of a set of open source messaging middleware , which supports Java messaging services , clustering , Spring Framework and so on. Apache ActiveMQ there is a deserialization vulnerability , the vulnerability stems from the application in...

10CVSS6.1AI score0.99654EPSS
Exploits31References16
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.7 views

PT-2023-6605

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.15.16 Apache ActiveMQ versions 5.16.x through 5.16.6 Apache ActiveMQ versions 5.17.x through 5.17.5 Apache ActiveMQ versions 5.18.x through 5.18.2 Bamboo Data Center affected versions not specified Bamboo...

10CVSS9AI score0.99654EPSS
Exploits31References399
ATTACKERKB
ATTACKERKB
added 2023/10/27 12:0 a.m.58 views

CVE-2023-46604

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...

10CVSS9.9AI score0.99654EPSS
In wildExploits31References13
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.3 views

SUSE CVE-2013-6339

The dissectopenwiretype function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service loop via a crafted packet...

4.3CVSS7.3AI score0.01987EPSS
Exploits1References4
OSV
OSV
added 2022/05/17 5:35 a.m.32 views

GHSA-9WCX-326R-7J7W Denial of Service in Apache ActiveMQ

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service file-descriptor exhaustion and broker crash or hang by sending many openwire failover:tcp:// connection requests...

5CVSS6.9AI score0.08984EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2022/05/17 5:35 a.m.28 views

Denial of Service in Apache ActiveMQ

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service file-descriptor exhaustion and broker crash or hang by sending many openwire failover:tcp:// connection requests...

5CVSS5.2AI score0.08984EPSS
Exploits1References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:11 a.m.37 views

ActiveMQ's OpenWire protocol exposes certain system details as plain text

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details such as the OS and kernel version are exposed as plain text...

4.3CVSS4.9AI score0.23255EPSS
Exploits0References13Affected Software2
OSV
OSV
added 2022/05/13 1:11 a.m.27 views

GHSA-7QM4-P377-FR2R ActiveMQ's OpenWire protocol exposes certain system details as plain text

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details such as the OS and kernel version are exposed as plain text...

3.7CVSS4AI score0.23255EPSS
Exploits0References13
vulnersOsv
vulnersOsv
added 2021/06/16 5:39 p.m.5 views

com.io7m.jsay:com.io7m.jsay (=0.0.2), io.fabric8.ipaas.apps:artemis (>=2.2.94 <=2.2.96) +10 more potentially affected by CVE-2021-26118 via org.apache.activemq:artemis-openwire-protocol (>=1.0.0 <=2.15.0)

org.apache.activemq:artemis-openwire-protocol MAVEN version =1.0.0, =2.2.94, =2.2.90, =2.2.97, =2.2.97, =2.2.94, =2.2.90, =2.2.97, =2.2.94, =0.1.0, =0.1.0, =1.0.0, =2.15.0 Source cves: CVE-2021-26118 Source advisory: OSV:GHSA-Q7FR-VQHQ-V5XR...

7.5CVSS7.1AI score0.04008EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/03/08 12:0 a.m.48 views

Debian DLA-2583-1 : activemq security update

Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709 When using the OpenWire protocol in activemq, it was found that certain system details such as the OS and kernel version are exposed as plain text. CVE-2018-11775 TLS hostname...

7.5CVSS6.4AI score0.23255EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2021/02/11 3:41 p.m.25 views

CVE-2021-26118

A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity. Mitigation If you are not usin...

7.5CVSS3.2AI score0.04008EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2021/02/04 1:36 p.m.6 views

7: OpenWire can create destinations with an unpriviledged user

A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity...

7.5CVSS5.7AI score0.04008EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/01/27 7:15 p.m.35 views

CVE-2021-26118

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error...

7.5CVSS7.1AI score0.04008EPSS
Exploits0References2
OSV
OSV
added 2021/01/27 7:15 p.m.1 views

UBUNTU-CVE-2021-26118

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error...

7.5CVSS7.1AI score0.04008EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/01/27 6:55 p.m.30 views

CVE-2021-26118 Flaw in ActiveMQ Artemis OpenWire support

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error...

7.7AI score0.04008EPSS
Exploits0References3
CVE
CVE
added 2021/01/27 6:55 p.m.143 views

CVE-2021-26118

The CVE-2021-26118 issue affects Apache ActiveMQ Artemis 2.15.0, where the OpenWire protocol head can produce advisory messages outside policy-based access control for the entire session, bypassing session-wide ACL protection. The root cause is improper access control enforcement during advisory ...

7.5CVSS7.5AI score0.04008EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/01/27 12:0 a.m.4 views

PT-2021-16959

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Artemis version 2.15.0 Description The creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis bypassed policy-based access control for the entire session. This occurred because the production of...

7.5CVSS7.5AI score0.04008EPSS
Exploits0References17
RedHat Linux
RedHat Linux
added 2020/12/08 8:55 a.m.3 views

7: OpenWire can create destinations with an unpriviledged user

A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity...

7.5CVSS5.7AI score0.04008EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/09/14 12:0 a.m.141 views

Apache ActiveMQ 5.14.x - 5.15.2 OpenWire Information Disclosure

The version of Apache ActiveMQ running on the remote host is 5.15.4.x or 5.14.x prior to 5.15.3. It is, therefore, affected by an unspecified flaw related to the OpenWire protocol that allows information disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

4.3CVSS5.6AI score0.23255EPSS
Exploits0References3
Rows per page
Query Builder