All the vulnerabilites related to Apache Software Foundation - Apache ActiveMQ Legacy OpenWire Module
cve-2023-46604
Vulnerability from cvelistv5
Published
2023-10-27 14:59
Modified
2024-08-02 20:45
Severity ?
Summary
Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:45:42.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231110-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Apr/18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.activemq:activemq-client",
          "product": "Apache ActiveMQ",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "5.18.3",
              "status": "affected",
              "version": "5.18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.17.6",
              "status": "affected",
              "version": "5.17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.16.7",
              "status": "affected",
              "version": "5.16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.16",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.activemq:activemq-openwire-legacy",
          "product": "Apache ActiveMQ Legacy OpenWire Module",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "5.18.3",
              "status": "affected",
              "version": "5.18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.17.6",
              "status": "affected",
              "version": "5.17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.16.7",
              "status": "affected",
              "version": "5.16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.16",
              "status": "affected",
              "version": "5.8.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "yejie@threatbook.cn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eThe Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.\u003c/div\u003e"
            }
          ],
          "value": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-28T15:02:28.206Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231110-0010/"
        },
        {
          "url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Apr/18"
        }
      ],
      "source": {
        "defect": [
          "AMQ-9370"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-46604",
    "datePublished": "2023-10-27T14:59:31.046Z",
    "dateReserved": "2023-10-24T08:55:31.050Z",
    "dateUpdated": "2024-08-02T20:45:42.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}