Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-46604

Опубликовано: 27 окт. 2023
Источник: debian

Описание

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
activemqfixed5.17.6+dfsg-1package

Примечания

  • https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt

  • http://www.openwall.com/lists/oss-security/2023/10/27/5

  • https://issues.apache.org/jira/browse/AMQ-9370

  • https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0 (activemq-5.17.6)

Связанные уязвимости

ubuntu логотип

CVE-2023-46604

CVSS3: 10
ubuntu
около 2 лет назад

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

redhat логотип

CVE-2023-46604

CVSS3: 9.8
redhat
около 2 лет назад

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

nvd логотип

CVE-2023-46604

CVSS3: 10
nvd
около 2 лет назад

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

github логотип

GHSA-crg9-44h2-xw35

CVSS3: 10
github
около 2 лет назад

Apache ActiveMQ is vulnerable to Remote Code Execution

fstec логотип

BDU:2023-07372

CVSS3: 10
fstec
около 2 лет назад

Уязвимость программной платформы Apache ActiveMQ, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код