Apache ActiveMQ 5.x < 5.13.0 Java Object Unserialization RCE

Critical

Synopsis

The remote host is running a web application that is affected by a remote code execution vulnerability.

Description

Versions of Apache ActiveMQ 5.x prior to 5.13.0 are affected by a remote code execution vulnerability in the broker, caused by unsafe deserialization of unauthenticated Java objects involving the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to execute arbitrary code on the target host.

Solution

Upgrade to ActiveMQ 5.13.0 or later.