Over 3,000 Apache ActiveMQ Servers Vulnerable To RCE Attacks

More than 3,000 Apache ActiveMQ servers exposed to the internet are at risk due to a critical remote code execution (RCE) vulnerability identified as CVE-2023-46604.

Apache ActiveMQ is the most widely used open-source, multi-protocol, Java-based message broker. It supports industry-standard protocols, so users can choose from clients across a variety of languages and platforms.

Clients written in JavaScript, C, C++, Python, .NET, and other languages can connect to it. It is compatible with several protocols, including STOMP, AMQP, MQTT, and OpenWire. With its strength and adaptability, ActiveMQ can handle every messaging use case.

Details of the Critical RCE Flaw

CVE-2023-46604 is a critical-severity RCE with a CVSS v3 score of 10.0 that enables attackers to execute arbitrary shell commands by exploiting the serialized class types in the OpenWire protocol.

“The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath,” ShadowServer reports.

ShadowServer stated that 7,249 servers have ActiveMQ services available to users. Of these, 3,329 were found to be running an ActiveMQ version that is vulnerable to remote code execution attacks.

A majority of the vulnerable servers, 1,400, are located in China, with 530 in the US and 153 in Germany. There are 100 vulnerable servers in other nations, including South Korea, the Netherlands, Russia, the United Kingdom, and India.

Affected Versions

  • Apache ActiveMQ 5.18.0 before 5.18.3
  • Apache ActiveMQ 5.17.0 before 5.17.6
  • Apache ActiveMQ 5.16.0 before 5.16.7
  • Apache ActiveMQ before 5.15.16
  • Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3
  • Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6
  • Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7
  • Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16

Fixes Available

Users are advised to update to 5.15.16, 5.16.7, 5.17.6, or 5.18.3, since these versions resolve this issue.
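To check a broker inventory against the affected ranges and fixed releases listed above, the following added example (not code from the article or from the Apache project) classifies version strings and reports the upgrade target per host. The host names and inventory are constructed, and branches the article does not name are reported as "unlisted" rather than guessed at.

```python
import re

# Fixed release for each branch, from the "Affected Versions" list in this article.
FIXED_BY_BRANCH = {(5, 18): (5, 18, 3), (5, 17): (5, 17, 6), (5, 16): (5, 16, 7)}
LEGACY_FIX = (5, 15, 16)  # "before 5.15.16" covers every release older than 5.16.0

def parse_version(text):
    """Extract (major, minor, patch) from e.g. '5.17.2' or 'apache-activemq-5.15.9'.
    A missing patch number counts as 0; suffixes such as -SNAPSHOT are ignored."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def classify(version_text):
    """Return (status, upgrade_target); status is 'affected', 'fixed' or 'unlisted'."""
    v = parse_version(version_text)
    if v < (5, 16, 0):
        fix = LEGACY_FIX
    else:
        fix = FIXED_BY_BRANCH.get(v[:2])
        if fix is None:
            return ("unlisted", None)  # branch not named in the article
    if v < fix:
        return ("affected", ".".join(map(str, fix)))
    return ("fixed", None)

def triage(inventory):
    """Map host -> upgrade target for every broker running an affected version."""
    out = {}
    for host, version_text in sorted(inventory.items()):
        status, target = classify(version_text)
        if status == "affected":
            out[host] = target
    return out

# Constructed sample inventory (hypothetical hosts, not data from the article).
SAMPLE_INVENTORY = {
    "mq-01.example.internal": "5.18.2",
    "mq-02.example.internal": "apache-activemq-5.15.9",
    "mq-03.example.internal": "5.17.6",
    "mq-04.example.internal": "5.16.0",
    "mq-05.example.internal": "6.0.0",
}

if __name__ == "__main__":
    for host, target in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to {target}")
```

Hosts reported as "unlisted" should be checked against the vendor advisory rather than assumed safe.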

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.