gsd-2023-46604
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The Java OpenWire protocol marshaller is vulnerable to Remote Code
Execution. This vulnerability may allow a remote attacker with network
access to either a Java-based OpenWire broker or client to run arbitrary
shell commands by manipulating serialized class types in the OpenWire
protocol to cause either the client or the broker (respectively) to
instantiate any class on the classpath.
Users are recommended to upgrade
both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3
which fixes this issue.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-46604",
"id": "GSD-2023-46604"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-46604"
],
"details": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.\n\n",
"id": "GSD-2023-46604",
"modified": "2023-12-13T01:20:53.034310Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2023-46604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache ActiveMQ",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.18.0",
"version_value": "5.18.3"
},
{
"version_affected": "\u003c",
"version_name": "5.17.0",
"version_value": "5.17.6"
},
{
"version_affected": "\u003c",
"version_name": "5.16.0",
"version_value": "5.16.7"
},
{
"version_affected": "\u003c",
"version_name": "0",
"version_value": "5.15.16"
}
]
}
},
{
"product_name": "Apache ActiveMQ Legacy OpenWire Module",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.18.0",
"version_value": "5.18.3"
},
{
"version_affected": "\u003c",
"version_name": "5.17.0",
"version_value": "5.17.6"
},
{
"version_affected": "\u003c",
"version_name": "5.16.0",
"version_value": "5.16.7"
},
{
"version_affected": "\u003c",
"version_name": "5.8.0",
"version_value": "5.15.16"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credits": [
{
"lang": "en",
"value": "yejie@threatbook.cn"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-502",
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt",
"refsource": "MISC",
"url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
},
{
"name": "https://www.openwall.com/lists/oss-security/2023/10/27/5",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
},
{
"name": "https://security.netapp.com/advisory/ntap-20231110-0010/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20231110-0010/"
},
{
"name": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
},
{
"name": "http://seclists.org/fulldisclosure/2024/Apr/18",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2024/Apr/18"
}
]
},
"source": {
"defect": [
"AMQ-9370"
],
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"cve": {
"cisaActionDue": "2023-11-23",
"cisaExploitAdd": "2023-11-02",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Apache ActiveMQ Deserialization of Untrusted Data Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28B695E3-E637-44DC-BF2C-A24943EADBA1",
"versionEndExcluding": "5.15.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A5C039-10BA-4D0E-A243-6B313721C7FF",
"versionEndExcluding": "5.16.7",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8395C4-40D7-4BD3-970B-3F0E32BCB771",
"versionEndExcluding": "5.17.6",
"versionStartIncluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA18155-D2AD-459A-94C7-136F981FD252",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D92110D-B913-4431-B7EB-0C949544E7B8",
"versionEndExcluding": "5.15.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8476D8D6-8394-4CD0-9E8C-41DCD96983BE",
"versionEndExcluding": "5.16.7",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "050649B9-4196-4BA1-9323-6B49E45B2E98",
"versionEndExcluding": "5.17.6",
"versionStartIncluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9AE45E-8CDE-4083-A996-D0E90EA0A792",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.\n\n"
},
{
"lang": "es",
"value": "Apache ActiveMQ es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad puede permitir que un atacante remoto con acceso a la red de un corredor ejecute comandos de shell arbitrarios manipulando tipos de clases serializadas en el protocolo OpenWire para hacer que el corredor cree una instancia de cualquier clase en el classpath. Se recomienda a los usuarios actualizar a la versi\u00f3n 5.15.16, 5.16.7, 5.17.6 o 5.18.3, que soluciona este problema."
}
],
"id": "CVE-2023-46604",
"lastModified": "2024-04-11T08:15:49.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "security@apache.org",
"type": "Secondary"
}
]
},
"published": "2023-10-27T15:15:14.017",
"references": [
{
"source": "security@apache.org",
"url": "http://seclists.org/fulldisclosure/2024/Apr/18"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
},
{
"source": "security@apache.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
},
{
"source": "security@apache.org",
"url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
},
{
"source": "security@apache.org",
"url": "https://security.netapp.com/advisory/ntap-20231110-0010/"
},
{
"source": "security@apache.org",
"url": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
}
}
}
Loading...