目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CVE-2019-0222 PoC — Apache ActiveMQ 代码注入漏洞

来源
https://github.com/shoucheng3/apache__activemq_CVE-2019-0222_5-15-8
关联漏洞
标题:Apache ActiveMQ 代码注入漏洞 (CVE-2019-0222)
Description:Apache ActiveMQ是美国阿帕奇(Apache)软件基金会的一套开源的消息中间件,它支持Java消息服务、集群、Spring Framework等。 Apache ActiveMQ 5.0.0版本至5.15.8版本中存在安全漏洞。攻击者可利用该漏洞造成代理关闭。
介绍
Welcome to Apache ActiveMQ 
=======================================================================
Apache ActiveMQ is a high performance Apache 2.0 licensed
Message Broker and JMS 1.1 implementation.

Getting Started
===============
To help you get started, try the following links:

Getting Started
- http://activemq.apache.org/version-5-getting-started.html

Building
- http://activemq.apache.org/version-5-getting-started.html#GettingStarted-WindowsSourceInstallation
- http://activemq.apache.org/version-5-getting-started.html#GettingStarted-UnixSourceInstallation

Examples
- http://activemq.apache.org/examples.html

We welcome contributions of all kinds, for details of how you can help
http://activemq.apache.org/contributing.html

Please refer to the website for details of finding the issue tracker, 
email lists, wiki or IRC channel at http://activemq.apache.org/

Please help us make Apache ActiveMQ better - we appreciate any feedback 
you may have.

Enjoy!

Licensing
=======================================================================

   This software is licensed under the terms you may find in the file 
   named "LICENSE" in this directory.

   This distribution includes cryptographic software.  The country in 
   which you currently reside may have restrictions on the import, 
   possession, use, and/or re-export to another country, of 
   encryption software.  BEFORE using any encryption software, please 
   check your country's laws, regulations and policies concerning the
   import, possession, or use, and re-export of encryption software, to 
   see if this is permitted.  See <http://www.wassenaar.org/> for more
   information.

   The U.S. Government Department of Commerce, Bureau of Industry and
   Security (BIS), has classified this software as Export Commodity 
   Control Number (ECCN) 5D002.C.1, which includes information security
   software using or performing cryptographic functions with asymmetric
   algorithms.  The form and manner of this Apache Software Foundation
   distribution makes it eligible for export under the License Exception
   ENC Technology Software Unrestricted (TSU) exception (see the BIS 
   Export Administration Regulations, Section 740.13) for both object 
   code and source code.

   The following provides more details on the included cryptographic
   software:
   
   ActiveMQ supports the use of SSL TCP connections when used with 
   with a JVM supporting the Java Cryptography extensions
   <http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html>.
   ActiveMQ does not include these libraries itself, but is designed to use them.
文件快照

登录后查看神龙缓存的 POC 文件快照

登录查看
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →