DETECTION OVERVIEW

Apache ActiveMQ Exploit - CVE-2023-46604

Risk Factors

Apache ActiveMQ is commonly deployed in enterprise environments. An attacker with network access to ActiveMQ can leverage attack tools to take control of an ActiveMQ server or steal sensitive data.

Kill Chain

Exploitation

Risk Score

Attack Background

The Java OpenWire protocol is associated with the open source message-oriented broker service, Apache ActiveMQ, which enables client connections. A vulnerability in the Java OpenWire protocol enables remote attackers to manipulate a serialized class type and inject malicious commands. To exploit this vulnerability, the attacker establishes a connection to ActiveMQ over the OpenWire protocol and sends a specially designed OpenWire request. The ActiveMQ server trusts the class type provided by the attacker. Then, the request prompts the ActiveMQ server to load a class configuration file and run the malicious command within the serialized class type.

Mitigation Options

Upgrade brokers and clients to version 5.18.3, 5.17.6, 5.16.7, or 5.15.16

MITRE ATT&CK ID

T1210

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases