Apache ActiveMQ Unauthenticated Remote Code Execution
Disclosure Date: 2023-10-27
First seen: 2023-11-07
Module: exploit/multi/misc/apache_activemq_rce_cve_2023_46604
This module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16.
Authors: X1r0z, sfewer-r7

ActiveMQ web shell upload
Disclosure Date: 2016-06-01
First seen: 2020-04-26
Module: exploit/multi/http/apache_activemq_upload_jsp
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
Authors: Ian Anderson <andrsn84@gmail.com>, Hillary Benson <1n7r1gu3@gmail.com>

Apache ActiveMQ 5.x-5.11.1 Directory Traversal Shell Upload
Disclosure Date: 2015-08-19
First seen: 2020-04-26
Module: exploit/windows/http/apache_activemq_traversal_upload
This module exploits a directory traversal vulnerability (CVE-2015-1830) in Apache ActiveMQ 5.x before 5.11.2 for Windows. The module tries to upload a JSP payload to the /admin directory via the traversal path /fileserver/..\admin\ using an HTTP PUT request with the default ActiveMQ credentials admin:admin (or other credentials provided by the user). It then issues an HTTP GET request to /admin/<payload>.jsp on the target in order to trigger the payload and obtain a shell.
Authors: David Jorm, Erik Wynter

Apache ActiveMQ JSP Files Source Disclosure
First seen: 2020-04-26
Module: auxiliary/scanner/http/apache_activemq_source_disclosure
This module exploits a source code disclosure in Apache ActiveMQ. The vulnerability is due to Jetty's ResourceHandler handling of specially crafted URIs starting with //. It has been tested successfully on Apache ActiveMQ 5.3.1 over Windows 2003 SP2 and Ubuntu 10.04.
Authors: Veerendra G.G, juan vazquez <juan.vazquez@metasploit.com>

4 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.