Apache ActiveMQ 5.x < 5.13.0 Java Object Unserialization RCE
Critical Nessus Network Monitor Plugin ID 9080
Synopsis
The remote host is running a web application that is affected by a remote code execution vulnerability.
Description
Versions of Apache ActiveMQ 5.x prior to 5.13.0 are affected by a remote code execution vulnerability in the broker, due to unsafe deserialization calls on unauthenticated Java objects passed to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the target host.
Solution
Upgrade to ActiveMQ 5.13.0 or later.