
Thousands of Apache ActiveMQ servers at risk of compromise

A dangerous vulnerability jeopardizes the security of Apache ActiveMQ servers

More than 3,000 Apache ActiveMQ servers are at risk due to a remote code execution vulnerability. Attackers can execute shell commands and steal data. Apache has released fixes, but many vulnerable servers remain exposed in China, the United States, Germany, India, the Netherlands, Russia, France and South Korea.


More than three thousand exposed Apache ActiveMQ servers on the Internet are currently at risk due to a recently disclosed critical remote code execution (RCE) vulnerability. Apache ActiveMQ is a widely used open-source message broker that facilitates communication in enterprise environments. It supports various secure authentication and authorization mechanisms, making it a key component in systems where direct connectivity is not possible.

Vulnerability

The vulnerability in question, designated CVE-2023-46604, is classified as critical and allows attackers to execute arbitrary shell commands by leveraging serialized class types in the OpenWire protocol. This could potentially lead to message interception, workflow disruptions, data theft, and even lateral movement within the network.

Fixes and vulnerable servers

Apache released fixes for this issue on October 27, 2023, with recommended update versions including 5.15.16, 5.16.7, 5.17.6 and 5.18.3.

Researchers at the ShadowServer threat monitoring service discovered a total of 7,249 accessible servers running ActiveMQ services. Of these, 3,329 were running a vulnerable version of ActiveMQ, putting them at risk of remote code execution.
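To check an inventory against the fixed releases listed above, the following added example (not part of the original article and not Apache's own tooling) classifies ActiveMQ version strings per branch. The hostnames and sample versions are constructed, and it assumes that branches older than 5.15 received no fix and that branches newer than 5.18 already include it.

```python
import re

# Fixed release per branch as listed in the article: (major, minor) -> patch.
FIXED = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3}
OLDEST = min(FIXED)

def classify(version):
    """Return 'fixed', 'vulnerable' or 'unknown' for an ActiveMQ version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([-.].*)?", version.strip())
    if not m:
        return "unknown"  # unparseable: needs manual review
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    branch = (major, minor)
    if branch in FIXED:
        if patch == FIXED[branch] and m.group(4):
            # A suffixed build (e.g. -SNAPSHOT) of the fixed release
            # may predate the fix, so do not report it as fixed.
            return "unknown"
        return "fixed" if patch >= FIXED[branch] else "vulnerable"
    # Assumption: older branches got no fix; newer branches ship with it.
    return "vulnerable" if branch < OLDEST else "fixed"

def audit(inventory):
    """Group hosts by status; inventory maps host -> version string."""
    report = {"fixed": [], "vulnerable": [], "unknown": []}
    for host, version in inventory.items():
        report[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "mq-01.example.internal": "5.15.15",
    "mq-02.example.internal": "5.18.3",
    "mq-03.example.internal": "5.17.6-SNAPSHOT",
    "mq-04.example.internal": "5.14.5",
    "mq-05.example.internal": "5.16.7",
    "mq-06.example.internal": "unknown build",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand rather than assumed safe.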

Geographical distribution of vulnerable servers

The majority of these vulnerable servers (1,400) are located in China, with the United States hosting 530, Germany 153, and India, the Netherlands, Russia, France and South Korea each having 100 or more exposed. With technical details about the CVE-2023-46604 exploit publicly available, applying security updates becomes a matter of urgency.


11/02/2023 10:14

Editorial AI
