Over 3,000 Apache ActiveMQ Servers Exposed to Critical RCE Attacks Online

November 1, 2023

A critical remote code execution (RCE) vulnerability, tracked as CVE-2023-46604, has left over 3,000 internet-exposed Apache ActiveMQ servers at risk. Apache ActiveMQ is a popular open-source message broker that relays messages between clients and servers. It supports Java and various cross-language clients, as well as multiple protocols such as AMQP, MQTT, OpenWire, and STOMP. Enterprises commonly deploy it so that systems can exchange messages without connecting to each other directly, and it supports authentication and authorization of the clients that attach to it.

CVE-2023-46604 is a critical-severity RCE that lets a remote attacker with network access to the broker execute arbitrary shell commands by manipulating the serialized class types in the OpenWire protocol, causing the broker to instantiate any class on its classpath. OpenWire is the broker's native protocol and listens on TCP port 61616 by default. The vulnerability affects certain versions of Apache ActiveMQ and the Legacy OpenWire Module, as described in Apache's disclosure of October 27, 2023. Fixes for the flaw were released the same day in versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3.

Researchers from the threat monitoring service ShadowServer found 7,249 servers with accessible ActiveMQ services. Of these, 3,329 were identified as running a version of ActiveMQ susceptible to CVE-2023-46604, making all of them vulnerable to remote code execution. A geographical breakdown of the vulnerable servers shows that the majority (1,400) are in China, followed by the United States with 530 and Germany with 153. India, the Netherlands, Russia, France, and South Korea each have around 100 exposed servers.

Exploitation of CVE-2023-46604 could have severe consequences in enterprise environments where Apache ActiveMQ is used as a message broker. Potential impacts include message interception, workflow disruption, data theft, and lateral movement within the network. Because the technical details needed to exploit CVE-2023-46604 are publicly available, applying the released security updates is urgent. Where an upgrade cannot happen immediately, restricting network access to the OpenWire port (61616 by default) to known clients reduces exposure but does not remove the flaw.
