
3,000+ Apache ActiveMQ Servers Vulnerable to RCE Attacks

Apr 16, 2025 · 3 min read

More than 3,000 Apache ActiveMQ servers exposed to the internet are at risk due to a critical remote code execution (RCE) vulnerability identified as CVE-2023-46604.

Apache ActiveMQ is the most widely used open-source, multi-protocol, Java-based message broker. It is compatible with industry-standard protocols, allowing users to choose clients across a variety of languages and platforms.

Clients written in JavaScript, C, C++, Python, .NET, and other languages can connect to it. It supports several protocols, including STOMP, AMQP, MQTT, and OpenWire. With its strength and adaptability, ActiveMQ can handle every messaging use case.

Details of the Critical RCE Flaw

CVE-2023-46604 is a critical-severity RCE with a CVSS v3 score of 10.0. It enables attackers to execute arbitrary shell commands by exploiting the serialized class types in the OpenWire protocol.

“The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath,” ShadowServer reports.

We are scanning & reporting out Apache ActiveMQ instances vulnerable to CVE-2023-46604, a deserialization of untrusted data RCE. 3329 vulnerable brokers found out of 7249 accessible (2023-10-30). Data in new daily Accessible ActiveMQ Service report: https://t.co/vVzn8ddHes pic.twitter.com/tkEJtPHKAh

— Shadowserver (@Shadowserver) October 31, 2023

ShadowServer stated that 7,249 servers have accessible ActiveMQ services. Of these, 3,329 were found to be running an ActiveMQ version that is vulnerable to remote code execution attacks.

The largest share of the vulnerable servers, 1,400, are located in China, with 530 in the US and 153 in Germany. There are 100 vulnerable servers in other nations, including South Korea, the Netherlands, Russia, the United Kingdom, and India.

Affected Versions

  • Apache ActiveMQ 5.18.0 before 5.18.3

  • Apache ActiveMQ 5.17.0 before 5.17.6

  • Apache ActiveMQ 5.16.0 before 5.16.7

  • Apache ActiveMQ before 5.15.16

  • Apache ActiveMQ Legacy OpenWire Module 5.18.0 before 5.18.3

  • Apache ActiveMQ Legacy OpenWire Module 5.17.0 before 5.17.6

  • Apache ActiveMQ Legacy OpenWire Module 5.16.0 before 5.16.7

  • Apache ActiveMQ Legacy OpenWire Module 5.8.0 before 5.15.16

Fixes Available

It is advised that users update to 5.15.16, 5.16.7, 5.17.6, or 5.18.3 since these versions resolve this issue.
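
To triage a broker inventory against the affected ranges listed above, the following is an added example (not code from the article or from the Apache project). The host names and sample versions are constructed, and mapping each affected version to the fixed release of its own branch is an assumption about which of the four listed fixes to pick.

```python
import re

# Ranges copied from the "Affected Versions" list: (first affected, first fixed).
# None as the lower bound encodes "before 5.15.16" (no lower limit stated).
# The Legacy OpenWire Module entries use the same fixed releases.
AFFECTED_RANGES = [
    (None, (5, 15, 16)),
    ((5, 16, 0), (5, 16, 7)),
    ((5, 17, 0), (5, 17, 6)),
    ((5, 18, 0), (5, 18, 3)),
]

def parse_version(text):
    """Return (major, minor, patch), or None unless text is exactly x.y.z."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(part) for part in m.groups()) if m else None

def check_version(text):
    """Return (status, fixed_release).

    status is 'affected' (inside a listed range), 'not-listed' (outside
    every listed range) or 'unknown' (suffixes such as -SNAPSHOT, missing
    components or empty strings, which need manual review).
    """
    version = parse_version(text)
    if version is None:
        return ("unknown", None)
    for low, fixed in AFFECTED_RANGES:
        if (low is None or version >= low) and version < fixed:
            # Assumption: upgrade within the same branch.
            return ("affected", ".".join(map(str, fixed)))
    return ("not-listed", None)

def triage(inventory):
    """Map each host name to its check_version() result."""
    return {host: check_version(ver) for host, ver in inventory.items()}

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "mq-01.example.internal": "5.18.2",
    "mq-02.example.internal": "5.15.16",
    "mq-03.example.internal": "5.17.6-SNAPSHOT",
}

if __name__ == "__main__":
    for host, (status, fix) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to {fix}" if fix else ""))
```

A 'not-listed' result only means the version falls outside the ranges on this page; it says nothing about other advisories.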

Source: CybersecurityNews.com
