misc update

patch-1
sandeep 2023-11-03 00:12:42 +05:30
parent 98f61b6bb1
commit 04b99563fe
1 changed files with 9 additions and 2 deletions

@ -5,8 +5,7 @@ info:
author: Ice3man,Mzack9999,pdresearch
severity: critical
description: |-
Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
reference:
- http://www.openwall.com/lists/oss-security/2023/10/27/5
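Review bot: the description sentence in this hunk still reads "Execution.The" with no space after the full stop, and the two copies of that sentence shown here are otherwise identical, so the edit looks like a whitespace-only change. Since the line is being touched anyway, change it to "Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow ..." so the description renders cleanly. The commit message "misc update" also gives no hint of why the description was changed; a one-line reason would help.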
@ -32,8 +31,16 @@ tcp:
port: "61616"
host:
- "{{Hostname}}"
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: word
words:
- "ActiveMQ"
- "StackTraceEnabled"
condition: and
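Review bot: the second word matcher (words "ActiveMQ" and "StackTraceEnabled", condition: and) has no part: key, unlike the interactsh_protocol matcher above it, so which data it inspects is left to the protocol default. With matchers-condition: and in place, both matchers must pass for a finding, so a wrong default would silently turn every result into a miss. Set part: explicitly on this matcher and give it a short comment like the "# Confirms the HTTP Interaction" one, stating what the two strings are meant to confirm, so the reason for the extra condition is documented in the template.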