4 matches found
Apache ActiveMQ RCE via Jolokia addNetworkConnector
Apache ActiveMQ exposes a Jolokia JMX-over-HTTP API at /api/jolokia/. An authenticated attacker can invoke the addNetworkConnector MBean operation with a crafted URI that causes the broker to fetch a remote Spring XML configuration over HTTP. The Spring XML instantiates a ProcessBuilder bean that...
CVE-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...
Exploit for CVE-2026-34197
CVE-2026-34197 — Apache ActiveMQ Classic RCE via Jolokia API...
Apache ActiveMQ 安全漏洞
Apache ActiveMQ Broker is an open source message broker and integration pattern server . A security vulnerability exists in Apache ActiveMQ Broker. The vulnerability stems from the Jolokia JMX-HTTP bridge default policy that allows exec operations on MBeans, which can be exploited by an attacker ...