Concealed attacks likely with new Apache ActiveMQ exploit

Vulnerable Apache ActiveMQ instances impacted by the maximum-severity bug tracked as CVE-2023-46604 could be exploited to achieve arbitrary code execution from memory through a new proof-of-concept exploit, The Hacker News reports. While previous attacks targeting the flaw used ActiveMQ’s ClassPathXmlApplicationContext class to load a malicious XML bean configuration file and achieve remote code execution, VulnCheck researchers noted that an exploit using the FileSystemXmlApplicationContext class with a custom SpEL expression yielded the same results without writing their tools to disk.

Source: SC Magazine

 

