170 matches found
Critical: Red Hat Security Advisory: Red Hat Fuse 7.12.1 release and security update
A minor version update from 7.12 to 7.12.1 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scori...
activemq-openwire: OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
A flaw was found in Apache ActiveMQ, specifically the OpenWire Module. This flaw may allow a remote malicious user to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker to instantiate any class on the classpath. This issue happens when...
Apache ActiveMQ Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache ActiveMQ Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a deserialization vulnerability in the OpenWire...
KB Possible Remote Exploit in ApacheMQ pertaining to OpenWire Module
Last Modified Date Mar 8, 2024 8:18:58 PM...
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604 RCE Pseudoshell This script leverages CVE-2023...
Apache ActiveMQ Unauthenticated Remote Code Execution Exploit
This module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16. This module requires Metasploit:...
activemq-openwire: OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
A flaw was found in Apache ActiveMQ, specifically the OpenWire Module. This flaw may allow a remote malicious user to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker to instantiate any class on the classpath. This issue happens when...
Critical: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.5 release and security update
Red Hat AMQ Broker 7.10.5 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
activemq-openwire: OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
A flaw was found in Apache ActiveMQ, specifically the OpenWire Module. This flaw may allow a remote malicious user to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker to instantiate any class on the classpath. This issue happens when...
Critical: Red Hat Security Advisory: security update jboss-amq-6/amq63-openshift container image
Red Hat AMQ 6.3 container image is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
activemq-openwire: OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
A flaw was found in Apache ActiveMQ, specifically the OpenWire Module. This flaw may allow a remote malicious user to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker to instantiate any class on the classpath. This issue happens when...
Critical: Red Hat Security Advisory: jboss-amq-6-amq63-openshift-container security update
An update for jboss-amq-6-amq63-openshift-container is now available for RHEL-7 based Middleware Containers. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Critical: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ Fuse 6.3 R20 HF1 security and bug fix update
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
activemq-openwire: OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
A flaw was found in Apache ActiveMQ, specifically the OpenWire Module. This flaw may allow a remote malicious user to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker to instantiate any class on the classpath. This issue happens when...
Apache ActiveMQ Unauthenticated Remote Code Execution
This module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16. Module Options msf use...
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604 This repository contains an exploit script and...
Apache ActiveMQ vulnerability used in ransomware attacks
On the 27 October, the Apache Software Foundation ASF announced a very serious vulnerability in Apache ActiveMQ that can be used to achieve remote code execution RCE. The Cybersecurity and Infrastructure Security Agency has now added this vulnerability to its Known Exploited Vulnerabilities...
OESA-2023-1778 activemq security update
The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized clas...
VulnCheck KEV: CVE-2023-46604
Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath...
Apache ActiveMQ < 5.15.16 / 5.16.x < 5.16.7 / 5.17.x < 5.17.6 / 5.18.x < 5.18.3 RCE
Apache ActiveMQ is vulnerable to remote code execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. User...