
Thousands of Apache ActiveMQ servers at risk of compromise

A dangerous vulnerability jeopardizes the security of Apache ActiveMQ servers

More than 3,000 Apache ActiveMQ servers are at risk due to a remote code execution vulnerability. Attackers can execute shell commands and steal data. Apache has released fixes, but many vulnerable servers remain exposed in China, the United States, Germany, India, the Netherlands, Russia, France and South Korea.


More than three thousand Apache ActiveMQ servers exposed on the Internet are currently at risk due to a recently disclosed critical remote code execution (RCE) vulnerability. Apache ActiveMQ is a widely used open-source message broker that facilitates communication in enterprise environments. It supports various secure authentication and authorization mechanisms, making it a key component in systems where direct connectivity is not possible.

Vulnerability

The vulnerability in question, designated CVE-2023-46604, is classified as critical and allows attackers to execute arbitrary shell commands by leveraging serialized class types in the OpenWire protocol. This could potentially lead to message interception, workflow disruptions, data theft, and even lateral movement within the network.

Fixes and vulnerable servers

Apache released fixes for this issue on October 27, 2023, with recommended update versions including 5.15.16, 5.16.7, 5.17.6 and 5.18.3.

Researchers at the ShadowServer threat monitoring service discovered a total of 7,249 servers accessible with ActiveMQ services. Of these, 3,329 were running a vulnerable version of ActiveMQ, putting them at risk of remote code execution.

Geographical distribution of vulnerable servers

The majority of these vulnerable servers (1,400) are located in China, with the United States hosting 530, Germany 153, and India, the Netherlands, Russia, France and South Korea each having 100 or more exposed. With technical details about the CVE-2023-46604 exploit publicly available, applying security updates becomes a matter of urgency.
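
As an added example (not from the original article or from Apache), the following Python script triages an inventory of reported broker versions against the fixed releases listed above. The hostnames and version strings are constructed, and treating branches older than 5.15 as vulnerable and branches newer than 5.18 as "not-listed" is an assumption of this example.

```python
import re

# Fixed release per 5.x branch, taken from the list in the article.
FIXED = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'ActiveMQ 5.17.2'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version_text):
    """Return (status, same-branch fixed release or None) for CVE-2023-46604."""
    v = parse_version(version_text)
    if v is None:
        return ("unparseable", None)
    branch, patch = v[:2], v[2]
    if branch in FIXED:
        if patch >= FIXED[branch]:  # numeric compare, so 5.16.10 > 5.16.7
            return ("patched", None)
        return ("vulnerable", "%d.%d.%d" % (branch + (FIXED[branch],)))
    if branch < min(FIXED):
        # Assumption: a branch older than 5.15 has no fix in the article's
        # list, so it is flagged as vulnerable with no same-branch target.
        return ("vulnerable", None)
    # Branch newer than 5.18: outside the article's list, verify separately.
    return ("not-listed", None)

def needs_action(inventory):
    """Return (host, reported, status, fix) for every host not confirmed patched."""
    rows = []
    for host, reported in sorted(inventory.items()):
        status, fix = triage(reported)
        if status != "patched":
            rows.append((host, reported, status, fix))
    return rows

# Constructed sample inventory (hypothetical hosts and version banners).
SAMPLE_INVENTORY = {
    "mq-a.example.internal": "5.18.3",
    "mq-b.example.internal": "ActiveMQ 5.17.2",
    "mq-c.example.internal": "5.15.9",
    "mq-d.example.internal": "5.14.5",
    "mq-e.example.internal": "6.0.0",
    "mq-f.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, reported, status, fix in needs_action(SAMPLE_INVENTORY):
        print(f"{host}: {reported} -> {status}, upgrade to {fix or 'a listed fixed release'}")
```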


11/02/2023 10:14

Marco Verro
