CVE-2023-46604
Description
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath.
Users are advised to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, each of which fixes this issue.
Severity: CRITICAL
CVE ID: CVE-2023-46604
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVE ID: CVE-2023-46604
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Proof Of Concept
trganda
CVE-2023-46604
Reference: GitHub
X1r0z
ActiveMQ RCE (CVE-2023-46604) exploitation tool
Reference: GitHub
JaneMandy
CVE-2023-46604
Reference: GitHub
SaumyajeetDas
Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)
Reference: GitHub
evkl1d
Reference: GitHub
sule01u
CVE-2023-46604 ActiveMQ RCE vulnerability verification/exploitation tool
Reference: GitHub
justdoit-cai
CVE-2023-46604 Apache ActiveMQ RCE exp, based on Python
Reference: GitHub
h3x3h0g
Reference: GitHub
duck-sec
This script leverages CVE-2023-46604 (Apache ActiveMQ) to generate a pseudo shell. The vulnerability allows for remote code execution due to unsafe deserialization within the OpenWire protocol.
Reference: GitHub
vjayant93
POC repo for CVE-2023-46604
Reference: GitHub
LiritoShawshark
CVE-2023-46604 environment reproduction package
Reference: GitHub
NKeshawarz
Reference: GitHub
minhangxiaohui
PY
Reference: GitHub
nitzanoligo
Reference: GitHub
tomasmussi-mulesoft
Repository to exploit CVE-2023-46604 reported for ActiveMQ
Reference: GitHub
dcm2406
Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604
Reference: GitHub
mrpentst
Exploit for CVE-2023-46604
Reference: GitHub
dcm2406
Reference: GitHub
Mudoleto
CVE-2023-46604 - ApacheMQ Version 5.15.5 Vulnerability Machine: Broker
Reference: GitHub
hh-hunter
Reference: GitHub
ST3G4N05
Reference: GitHub
Arlenhiack
ActiveMQ RCE (CVE-2023-46604) exploitation tool with command output echo
Reference: GitHub
ph-hitachi
Reference: GitHub
vulncheck-oss
A go-exploit for Apache ActiveMQ CVE-2023-46604
Reference: GitHub
thinkycx
activemq-rce-cve-2023-46604
Reference: GitHub
Content on GitHub
Anekant-Singhai | watchers:1
Exploits
Exploits working {tested by me} for various scenarios
Reference: GitHub