Thousands of Apache ActiveMQ servers at risk of compromise
A dangerous vulnerability jeopardizes the security of Apache ActiveMQ servers
More than 3,000 Apache ActiveMQ servers are at risk due to remote code vulnerability. Attackers can execute shell commands and steal data. Apache has released fixes, but many vulnerable servers are still in China, the United States, Germany, India, the Netherlands, Russia, France and South Korea.
Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.
More than three thousand exposed Apache ActiveMQ servers on the Internet are currently at risk due to a recently disclosed critical remote code execution (RCE) vulnerability. Apache ActiveMQ is a widely used open-source message broker that facilitates communication in enterprise environments. It supports various secure authentication and authorization mechanisms, making it a key component in systems where direct connectivity is not possible.
The vulnerability in question, designated CVE-2023-46604, is classified as critical and allows attackers to execute arbitrary shell commands by leveraging serialized class types in the OpenWire protocol. This could potentially lead to message interception, workflow disruptions, data theft, and even lateral movement within the network.
Fixes and vulnerable servers
Apache released fixes for this issue on October 27, 2023, with recommended update versions including: 5.15.16 5.16.7 5.17.6 5.18.3 Researchers at the ShadowServer threat monitoring service discovered a total of 7,249 servers accessible with ActiveMQ services. Of these, 3,329 were running a vulnerable version of ActiveMQ, putting them at risk of remote code execution.
Geographical distribution of vulnerable servers
The majority of these vulnerable servers (1,400) are located in China, with the United States hosting 530, Germany 153, and India, the Netherlands, Russia, France and South Korea each having 100 or more exposed. With technical details about the CVE-2023-46604 exploit publicly available, applying security updates becomes a matter of urgency.Follow us on Twitter for more pills like this