CVE-2023-46604: Apache ActiveMQ Code Issue Vulnerability

CVSS 10.0 · Critical KEV · Ransomware EPSS 94.44% · P100

I. Basic Information for CVE-2023-46604

Vulnerability Information

Vulnerability Title
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
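Source: NVD (National Vulnerability Database)
Vulnerability Type
Deserialization of Untrusted Data
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache ActiveMQ Code Issue Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache ActiveMQ is an open-source message middleware from the Apache Software Foundation (USA) that supports Java Message Service, clustering, Spring Framework, and more. Apache ActiveMQ versions before 5.15.16, before 5.16.7, before 5.17.6, or before 5.18.3 contain a code issue vulnerability. It stems from allowing a remote attacker with network access to the broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)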

Affected Products

| Vendor | Product | Affected versions | CPE |
|---|---|---|---|
| Apache Software Foundation | Apache ActiveMQ | 5.18.0 ~ 5.18.3 | - |
| Apache Software Foundation | Apache ActiveMQ Legacy OpenWire Module | 5.18.0 ~ 5.18.3 | - |

II. Public POCs for CVE-2023-46604

| # | POC description | Source link |
|---|---|---|
| 1 | ActiveMQ RCE (CVE-2023-46604) exploitation tool, written in Go | https://github.com/X1r0z/ActiveMQ-RCE |
| 2 | CVE-2023-46604 | https://github.com/JaneMandy/ActiveMQ_RCE_Pro_Max |
| 3 | Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604) | https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ |
| 4 | None | https://github.com/evkl1d/CVE-2023-46604 |
| 5 | CVE-2023-46604 ActiveMQ RCE vulnerability verification/exploitation tool | https://github.com/sule01u/CVE-2023-46604 |
| 6 | CVE-2023-46604 Apache ActiveMQ RCE exp, based on Python | https://github.com/justdoit-cai/CVE-2023-46604-Apache-ActiveMQ-RCE-exp |
| 7 | None | https://github.com/h3x3h0g/ActiveMQ-RCE-CVE-2023-46604-Write-up |
| 8 | This script leverages CVE-2023-46604 (Apache ActiveMQ) to generate a pseudo shell. The vulnerability allows for remote code execution due to unsafe deserialization within the OpenWire protocol. | https://github.com/duck-sec/CVE-2023-46604-ActiveMQ-RCE-pseudoshell |
| 9 | POC repo for CVE-2023-46604 | https://github.com/vjayant93/CVE-2023-46604-POC |
| 10 | CVE-2023-46604 environment reproduction package | https://github.com/LiritoShawshark/CVE-2023-46604_ActiveMQ_RCE_Recurrence |
| 11 | None | https://github.com/NKeshawarz/CVE-2023-46604-RCE |
| 12 | PY | https://github.com/minhangxiaohui/ActiveMQ_CVE-2023-46604 |
| 13 | None | https://github.com/nitzanoligo/CVE-2023-46604-demo |
| 14 | Repository to exploit CVE-2023-46604 reported for ActiveMQ | https://github.com/tomasmussi-mulesoft/activemq-cve-2023-46604 |
| 15 | CVE-2023-46604 | https://github.com/trganda/ActiveMQ-RCE |
| 16 | Exploit for CVE-2023-46604 | https://github.com/mrpentst/CVE-2023-46604 |
| 17 | None | https://github.com/dcm2406/CVE-2023-46604 |
| 18 | CVE-2023-46604 - ApacheMQ Version 5.15.5 Vulnerability Machine: Broker | https://github.com/Mudoleto/Broker_ApacheMQ |
| 19 | None | https://github.com/hh-hunter/cve-2023-46604 |
| 20 | None | https://github.com/ST3G4N05/ExploitScript-CVE-2023-46604 |
| 21 | ActiveMQ RCE (CVE-2023-46604) exploitation tool with command output echo | https://github.com/Arlenhiack/ActiveMQ-RCE-Exploit |
| 22 | None | https://github.com/ph-hitachi/CVE-2023-46604 |
| 23 | A go-exploit for Apache ActiveMQ CVE-2023-46604 | https://github.com/vulncheck-oss/cve-2023-46604 |
| 24 | activemq-rce-cve-2023-46604 | https://github.com/thinkycx/activemq-rce-cve-2023-46604 |
| 25 | CVE-2023-46604 (Apache ActiveMQ RCE Vulnerability) and focused on getting Indicators of Compromise. | https://github.com/mranv/honeypot.rs |
| 26 | The script exploits an insecure deserialization vulnerability in Apache ActiveMQ (CVE-2023-46604) | https://github.com/pulentoski/CVE-2023-46604 |
| 27 | None | https://github.com/stegano5/ExploitScript-CVE-2023-46604 |
| 28 | None | https://github.com/cuanh2333/CVE-2023-46604 |
| 29 | Repository to exploit CVE-2023-46604 reported for ActiveMQ | https://github.com/tomasmussi-mulesoft/activemq-cve-2023-46604-duplicate |
| 30 | Repository to exploit CVE-2023-46604 reported for ActiveMQ | https://github.com/tomasmussi/activemq-cve-2023-46604 |
| 31 | None | https://github.com/skrkcb2/CVE-2023-46604 |
| 32 | Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue. | https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2023/CVE-2023-46604.yaml |
| 33 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20ActiveMQ%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-46604.md |
| 34 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20ActiveMQ%20OpenWire%20%E5%8D%8F%E8%AE%AE%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2023-46604.md |
| 35 | | https://github.com/vulhub/vulhub/blob/master/activemq/CVE-2023-46604/README.md |
| 36 | CVE-2023-46604 | https://github.com/ImuSpirit/ActiveMQ_RCE_Pro_Max |
| 37 | None | https://github.com/CCIEVoice2009/CVE-2023-46604 |
| 38 | Vulnerability Detection and Mitigation Apache ActiveMQ \| Security Architectures and Systems Administration - on - Apache ActiveMQ Deserialization Remote Code Execution (RCE) – CVE-2023-46604 | https://github.com/vaishnavucv/Project-Vuln-Detection-N-Mitigation_101 |
| 39 | Detection, Exploit and Mitigation for CVE 2023 46604. | https://github.com/pavanaa4k/CVE-2023-46604-LAB |
| 40 | A PoC for CVE-2023-46604 written as part of SPS class for the Advanced Cyber Security master's at UPB. | https://github.com/RockyDesigne/SSP-Assignment-3-RCEYouLater |