A new vulnerability in the Apache ActiveMQ NMS AMQP Client allows attackers to execute arbitrary code through insecure deserialization logic. Organizations using versions up to 2.3.0 are at risk, which underscores the need for timely updates and security measures.
Key points
- The vulnerability affects all versions of Apache ActiveMQ NMS AMQP Client up to 2.3.0.
- It stems from insecure deserialization, which can be exploited by malicious servers.
- Attackers can execute arbitrary code, gaining full system access or deploying malware.
- Apache attempted mitigation in version 2.1.0, but bypass techniques have been discovered.
- Recommended actions include applying patches, securing connections, and improving input validation.
Read More: https://www.esecurityplanet.com/news/apache-activemq-vulnerability/