ET EXPLOIT Successful Apache ActiveMQ Remote Code Execution (CVE-2023-46604)
Source: et/open
Created: November 29, 2023
Updated: November 29, 2023
Classification: successful-admin
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Successful Apache ActiveMQ Remote Code Execution (CVE-2023-46604)"; flow:established,to_client; xbits:isset,ET.CVE-2023-46604.attempt, track ip_dst; http.response_body; content:"|3c|bean"; content:"|22|java|2e|lang|2e|ProcessBuilder|22|"; nocase; fast_pattern; distance:0; content:"init|2d|method|3d 22|start|22|"; within:100; content:"constructor|2d|arg"; distance:0; reference:url,attackerkb.com/topics/IHsgZDE3tS/cve-2023-46604; reference:url,activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt; reference:url,github.com/X1r0z/ActiveMQ-RCE; reference:cve,2023-46604; classtype:successful-admin; sid:2049385; rev:1; metadata:attack_target Server, created_at 2023_11_29, cve CVE_2023_46604, deployment Perimeter, performance_impact Low, confidence High, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_11_29, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
References
Metadata
attack target: Server
created at: 2023_11_29
deployment: Perimeter
performance impact: Low
confidence: High
signature severity: Critical
tag: Description_Generated_By_Proofpoint_Nexus
updated at: 2023_11_29
mitre tactic id: TA0001
mitre tactic name: Initial_Access
mitre technique id: T1190
mitre technique name: Exploit_Public_Facing_Application