
CVE-2023-46604

Description

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath.

Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-46604
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Apache Software Foundation
Severity: CRITICAL
CVE ID: CVE-2023-46604
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

trganda

CVE-2023-46604

Reference: GitHub

X1r0z

ActiveMQ RCE (CVE-2023-46604) exploitation tool

Reference: GitHub

JaneMandy

CVE-2023-46604

Reference: GitHub

SaumyajeetDas

Achieving a Reverse Shell Exploit for Apache ActiveMQ (CVE_2023-46604)

Reference: GitHub

evkl1d

Reference: GitHub

sule01u

CVE-2023-46604 ActiveMQ RCE vulnerability verification/exploitation tool

Reference: GitHub

justdoit-cai

CVE-2023-46604 Apache ActiveMQ RCE exp, based on Python

Reference: GitHub

h3x3h0g

Reference: GitHub

duck-sec

This script leverages CVE-2023-46604 (Apache ActiveMQ) to generate a pseudo shell. The vulnerability allows for remote code execution due to unsafe deserialization within the OpenWire protocol.

Reference: GitHub

vjayant93

POC repo for CVE-2023-46604

Reference: GitHub

LiritoShawshark

CVE-2023-46604 environment reproduction package

Reference: GitHub

NKeshawarz

Reference: GitHub

minhangxiaohui

PY

Reference: GitHub

nitzanoligo

Reference: GitHub

tomasmussi-mulesoft

Repository to exploit CVE-2023-46604 reported for ActiveMQ

Reference: GitHub

dcm2406

Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604

Reference: GitHub

mrpentst

Exploit for CVE-2023-46604

Reference: GitHub

dcm2406

Reference: GitHub

Mudoleto

CVE-2023-46604 - ApacheMQ Version 5.15.5 Vulnerability Machine: Broker

Reference: GitHub

hh-hunter

Reference: GitHub

ST3G4N05

Reference: GitHub

Arlenhiack

ActiveMQ RCE (CVE-2023-46604) exploitation tool with command output echo

Reference: GitHub

ph-hitachi

Reference: GitHub

vulncheck-oss

A go-exploit for Apache ActiveMQ CVE-2023-46604

Reference: GitHub

thinkycx

activemq-rce-cve-2023-46604

Reference: GitHub

Content on GitHub

Anekant-Singhai | watchers:1

Exploits
Exploits working {tested by me} for various scenarios

Reference: GitHub