Apache ActiveMQ Remote Code Execution Vulnerability

Oct 27, 2023 GMT+08:00

I. Overview

Recently, Apache ActiveMQ released a new version which has fixed a remote code execution vulnerability. An unauthenticated remote attacker could send a malicious request to port 61616 (default port) of Apache ActiveMQ to exploit the vulnerability. Successful exploitation of this vulnerability can cause remote code execution and gain control of the target server. This vulnerability has been exploited in the wild, and the risk is high.

Apache ActiveMQ is the most popular open-source message middleware that provides efficient, scalable, stable, and secure enterprise-level message communication for applications. If you are an Apache ActiveMQ user, check your versions and implement timely security hardening.

References:

https://github.com/apache/activemq/tags

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected versions:

Apache ActiveMQ < 5.18.3

Apache ActiveMQ < 5.17.6

Apache ActiveMQ < 5.16.7

Apache ActiveMQ < 5.15.16

Secure versions:

Apache ActiveMQ ≥ 5.18.3

Apache ActiveMQ ≥ 5.17.6

Apache ActiveMQ ≥ 5.16.7

Apache ActiveMQ ≥ 5.15.16

IV. Vulnerability Handling

This vulnerability has been fixed in the latest official version. If your service version falls into the affected range, upgrade it to the secure version.

https://github.com/apache/activemq/tags

If upgrade cannot be performed in a timely manner, you can use the whitelist to restrict web port access. (Evaluate the impact on services before performing the upgrade.)

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.