AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Thousands of Apache ActiveMQ servers at risk of compromise

A dangerous vulnerability jeopardizes the security of Apache ActiveMQ servers

More than 3,000 Apache ActiveMQ servers are at risk due to remote code vulnerability. Attackers can execute shell commands and steal data. Apache has released fixes, but many vulnerable servers are still in China, the United States, Germany, India, the Netherlands, Russia, France and South Korea.

This pill is also available in Italian language

More than three thousand exposed Apache ActiveMQ servers on the Internet are currently at risk due to a recently disclosed critical remote code execution (RCE) vulnerability. Apache ActiveMQ is a widely used open-source message broker that facilitates communication in enterprise environments. It supports various secure authentication and authorization mechanisms, making it a key component in systems where direct connectivity is not possible.

Vulnerability

The vulnerability in question, designated CVE-2023-46604, is classified as critical and allows attackers to execute arbitrary shell commands by leveraging serialized class types in the OpenWire protocol. This could potentially lead to message interception, workflow disruptions, data theft, and even lateral movement within the network.

Fixes and vulnerable servers

Apache released fixes for this issue on October 27, 2023, with recommended update versions including: 5.15.16 5.16.7 5.17.6 5.18.3 Researchers at the ShadowServer threat monitoring service discovered a total of 7,249 servers accessible with ActiveMQ services. Of these, 3,329 were running a vulnerable version of ActiveMQ, putting them at risk of remote code execution.

Geographical distribution of vulnerable servers

The majority of these vulnerable servers (1,400) are located in China, with the United States hosting 530, Germany 153, and India, the Netherlands, Russia, France and South Korea each having 100 or more exposed. With technical details about the CVE-2023-46604 exploit publicly available, applying security updates becomes a matter of urgency.

Follow us on Facebook for more pills like this

11/02/2023 10:14

Editorial AI

Last pills

Data breach: 560 million users involvedHow to protect yourself from the consequences of a major data breach

Ransomware attack on Synnovis: London health services in crisisSevere disruption to pathology and diagnostic services in London

A new LPE exploit for Windows for sale in the undergroundA new local privilege escalation threat for Windows in the underground forums

Critical failure in Check Point VPN solutions: risks and security measuresExposure of enterprise systems: urgent updates and patches to protect networks