Intrusion PreventionApache.ActiveMQ.CVE-2023-46604.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Apache Software Foundation ActiveMQ.
The vulnerability is due to insufficient validation during the deserialization of OpenWire packets by the broker. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted requests to the application. Successful exploitation may lead to remote code execution in the context of the service.
Outbreak Alert
Ransomware attackers are targeting servers running outdated and vulnerable versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604).
Affected Products
Apache ActiveMQ 5.18.0 before 5.18.3
Apache ActiveMQ 5.17.0 before 5.17.6
Apache ActiveMQ 5.16.0 before 5.16.7
Apache ActiveMQ before 5.15.16
Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16
Impact
System Compromise: Remote attacker can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-01-22 | 26.719 | Sig Added |
| 2023-12-20 | 26.700 | Sig Added |
| 2023-11-27 | 26.684 | Default_action:pass:drop |
| 2023-11-07 | 26.673 |
| ID | 54343 |
| Created | Nov 07, 2023 |
| Updated | Jan 22, 2024 |
| Outbreak Alert | Apache ActiveMQ Attack |
| Threat Signal | View Report |
| Risk |
|
| CVE ID | CVE-2023-46604 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.27% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Apache |