170 matches found
Exploit for Deserialization of Untrusted Data in Apache Activemq
ActiveMQ-RCE English Versionhttps://github.com/X1r0z/Act...
Apache ActiveMQ 代码问题漏洞
Apache ActiveMQ is the United States Apache Apache Foundation of a set of open source messaging middleware , which supports Java messaging services , clustering , Spring Framework and so on. Apache ActiveMQ there is a deserialization vulnerability , the vulnerability stems from the application in...
PT-2023-6605
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.15.16 Apache ActiveMQ versions 5.16.x through 5.16.6 Apache ActiveMQ versions 5.17.x through 5.17.5 Apache ActiveMQ versions 5.18.x through 5.18.2 Bamboo Data Center affected versions not specified Bamboo...
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
SUSE CVE-2013-6339
The dissectopenwiretype function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service loop via a crafted packet...
GHSA-9WCX-326R-7J7W Denial of Service in Apache ActiveMQ
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service file-descriptor exhaustion and broker crash or hang by sending many openwire failover:tcp:// connection requests...
Denial of Service in Apache ActiveMQ
Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service file-descriptor exhaustion and broker crash or hang by sending many openwire failover:tcp:// connection requests...
ActiveMQ's OpenWire protocol exposes certain system details as plain text
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details such as the OS and kernel version are exposed as plain text...
GHSA-7QM4-P377-FR2R ActiveMQ's OpenWire protocol exposes certain system details as plain text
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details such as the OS and kernel version are exposed as plain text...
com.io7m.jsay:com.io7m.jsay (=0.0.2), io.fabric8.ipaas.apps:artemis (>=2.2.94 <=2.2.96) +10 more potentially affected by CVE-2021-26118 via org.apache.activemq:artemis-openwire-protocol (>=1.0.0 <=2.15.0)
org.apache.activemq:artemis-openwire-protocol MAVEN version =1.0.0, =2.2.94, =2.2.90, =2.2.97, =2.2.97, =2.2.94, =2.2.90, =2.2.97, =2.2.94, =0.1.0, =0.1.0, =1.0.0, =2.15.0 Source cves: CVE-2021-26118 Source advisory: OSV:GHSA-Q7FR-VQHQ-V5XR...
Debian DLA-2583-1 : activemq security update
Multiple security issues were discovered in activemq, a message broker built around Java Message Service. CVE-2017-15709 When using the OpenWire protocol in activemq, it was found that certain system details such as the OS and kernel version are exposed as plain text. CVE-2018-11775 TLS hostname...
CVE-2021-26118
A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity. Mitigation If you are not usin...
7: OpenWire can create destinations with an unpriviledged user
A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity...
CVE-2021-26118
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error...
UBUNTU-CVE-2021-26118
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error...
CVE-2021-26118 Flaw in ActiveMQ Artemis OpenWire support
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error...
CVE-2021-26118
The CVE-2021-26118 issue affects Apache ActiveMQ Artemis 2.15.0, where the OpenWire protocol head can produce advisory messages outside policy-based access control for the entire session, bypassing session-wide ACL protection. The root cause is improper access control enforcement during advisory ...
PT-2021-16959
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Artemis version 2.15.0 Description The creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis bypassed policy-based access control for the entire session. This occurred because the production of...
7: OpenWire can create destinations with an unpriviledged user
A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity...
Apache ActiveMQ 5.14.x - 5.15.2 OpenWire Information Disclosure
The version of Apache ActiveMQ running on the remote host is 5.15.4.x or 5.14.x prior to 5.15.3. It is, therefore, affected by an unspecified flaw related to the OpenWire protocol that allows information disclosure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...