目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CVE-2023-46604— Apache ActiveMQ 代码问题漏洞

CVSS 10.0 · Critical KEV · 勒索软件 EPSS 99.65% · P100

公开利用映射 1

Metasploit · 1 apache_activemq_rce_cve_2023_46604.rb [exploit]
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2023-46604 基础信息

漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
可信数据的反序列化
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Apache ActiveMQ 代码问题漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Apache ActiveMQ是美国阿帕奇(Apache)基金会的一套开源的消息中间件,它支持Java消息服务、集群、Spring Framework等。 Apache ActiveMQ 5.15.16之前、5.16.7之前、5.17.6之前或5.18.3之前版本存在代码问题漏洞,该漏洞源于允许具有代理网络访问权限的远程攻击者通过操纵 OpenWire 协议中的序列化类类型来运行任意 shell 命令。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

神龙十问 — AI 深度分析

十问解析:根本原因、利用方式、修复建议、紧迫性。摘要免费,完整版需登录。

查看摘要 完整分析(登录)

受影响产品

厂商产品影响版本CPE订阅
Apache Software FoundationApache ActiveMQ 5.18.0 ~ 5.18.3 -
Apache Software FoundationApache ActiveMQ Legacy OpenWire Module 5.18.0 ~ 5.18.3 -

二、漏洞 CVE-2023-46604 的公开POC

#POC 描述源链接神龙链接
1ActiveMQ RCE (CVE-2023-46604) 漏洞利用工具, 基于 Go 语言https://github.com/X1r0z/ActiveMQ-RCEPOC详情
2CVE-2023-46604https://github.com/JaneMandy/ActiveMQ_RCE_Pro_MaxPOC详情
3 Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604) https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQPOC详情
4Nonehttps://github.com/evkl1d/CVE-2023-46604POC详情
5 CVE-2023-46604 ActiveMQ RCE vulnerability verification/exploitation toolhttps://github.com/sule01u/CVE-2023-46604POC详情
6CVE-2023-46604 Apache ActiveMQ RCE exp 基于pythonhttps://github.com/justdoit-cai/CVE-2023-46604-Apache-ActiveMQ-RCE-expPOC详情
7Nonehttps://github.com/h3x3h0g/ActiveMQ-RCE-CVE-2023-46604-Write-upPOC详情
8This script leverages CVE-2023046604 (Apache ActiveMQ) to generate a pseudo shell. The vulnerability allows for remote code execution due to unsafe deserialization within the OpenWire protocol.https://github.com/duck-sec/CVE-2023-46604-ActiveMQ-RCE-pseudoshellPOC详情
9POC repo for CVE-2023-46604https://github.com/vjayant93/CVE-2023-46604-POCPOC详情
10CVE-2023-46604环境复现包https://github.com/LiritoShawshark/CVE-2023-46604_ActiveMQ_RCE_RecurrencePOC详情
11Nonehttps://github.com/NKeshawarz/CVE-2023-46604-RCEPOC详情
12PYhttps://github.com/minhangxiaohui/ActiveMQ_CVE-2023-46604POC详情
13Nonehttps://github.com/nitzanoligo/CVE-2023-46604-demoPOC详情
14Repository to exploit CVE-2023-46604 reported for ActiveMQhttps://github.com/tomasmussi-mulesoft/activemq-cve-2023-46604POC详情
15CVE-2023-46604https://github.com/trganda/ActiveMQ-RCEPOC详情
16Exploit for CVE-2023-46604https://github.com/mrpentst/CVE-2023-46604POC详情
17Nonehttps://github.com/dcm2406/CVE-2023-46604POC详情
18CVE-2023-46604 - ApacheMQ Version 5.15.5 Vulnerability Machine: Brokerhttps://github.com/Mudoleto/Broker_ApacheMQPOC详情
19Nonehttps://github.com/hh-hunter/cve-2023-46604POC详情
20Nonehttps://github.com/ST3G4N05/ExploitScript-CVE-2023-46604POC详情
21ActiveMQ RCE (CVE-2023-46604) 回显利用工具https://github.com/Arlenhiack/ActiveMQ-RCE-ExploitPOC详情
22Nonehttps://github.com/ph-hitachi/CVE-2023-46604POC详情
23A go-exploit for Apache ActiveMQ CVE-2023-46604https://github.com/vulncheck-oss/cve-2023-46604POC详情
24activemq-rce-cve-2023-46604https://github.com/thinkycx/activemq-rce-cve-2023-46604POC详情
25 CVE-2023-46604 (Apache ActiveMQ RCE Vulnerability) and focused on getting Indicators of Compromise.https://github.com/mranv/honeypot.rsPOC详情
26El script explota una vulnerabilidad de deserialización insegura en Apache ActiveMQ (CVE-2023-46604) https://github.com/pulentoski/CVE-2023-46604POC详情
27Nonehttps://github.com/stegano5/ExploitScript-CVE-2023-46604POC详情
28Nonehttps://github.com/cuanh2333/CVE-2023-46604POC详情
29Repository to exploit CVE-2023-46604 reported for ActiveMQhttps://github.com/tomasmussi-mulesoft/activemq-cve-2023-46604-duplicatePOC详情
30Repository to exploit CVE-2023-46604 reported for ActiveMQhttps://github.com/tomasmussi/activemq-cve-2023-46604POC详情
31Nonehttps://github.com/skrkcb2/CVE-2023-46604POC详情
32Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue. https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2023/CVE-2023-46604.yamlPOC详情
33Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20ActiveMQ%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-46604.mdPOC详情
34Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20ActiveMQ%20OpenWire%20%E5%8D%8F%E8%AE%AE%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-46604.mdPOC详情
35https://github.com/vulhub/vulhub/blob/master/activemq/CVE-2023-46604/README.mdPOC详情
36CVE-2023-46604https://github.com/ImuSpirit/ActiveMQ_RCE_Pro_MaxPOC详情
37Nonehttps://github.com/CCIEVoice2009/CVE-2023-46604POC详情
38Vulnerability Detection and Mitigation Apache ActiveMQ | Security Architectures and Systems Administration - on - Apache ActiveMQ Deserialization Remote Code Execution (RCE) – CVE-2023-46604https://github.com/vaishnavucv/Project-Vuln-Detection-N-Mitigation_101POC详情
39Detection, Exploit and Mitigation for CVE 2023 46604. https://github.com/pavanaa4k/CVE-2023-46604-LABPOC详情
40A PoC for CVE-2023-46604 written as part of SPS class for the Advanced Cyber Security master's at UPB.https://github.com/RockyDesigne/SSP-Assignment-3-RCEYouLaterPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2023-46604 的情报信息

登录查看更多情报信息。

CVE-2023-46604 厂商安全公告 (1)

CVE-2023-46604 公开利用代码 (2)

CVE-2023-46604 邮件列表归档 (3)

CVE-2023-46604 其他参考 (1)

IV. Related Vulnerabilities

Same product: Apache ActiveMQ
Same vendor: Apache Software Foundation
Same weakness: CWE-502

V. Comments for CVE-2023-46604

暂无评论

发表评论