【概要】
公開日 |
登録日 |
CVE番号 |
NVD |
ベンダー |
CVSS v3 |
CWE |
脆弱性 |
備考 |
---|---|---|---|---|---|---|---|---|
2023/10/27 | 2023/10/24 | CVE-2023-46604 | NVD | Apache | 9.8(NVD) 10.0(Apache) |
CWE-502 | 信頼できないデータのデシリアライゼーション |
【ニュース】
◆3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (BleepingComputer, 2023/11/01 14:05)
[RCE攻撃に脆弱なApache ActiveMQサーバー3,000台がネット上に公開される]
https://www.bleepingcomputer.com/news/security/3-000-apache-activemq-servers-vulnerable-to-rce-attacks-exposed-online/
⇒ https://vul.hatenadiary.com/entry/2023/11/01/000000_2
◆「Apache ActiveMQ」に脆弱性 - リモートよりコードを実行されるおそれ (Security NEXT, 2023/11/01)
https://www.security-next.com/150758
⇒ https://vul.hatenadiary.com/entry/2023/11/01/000000_1
◆Apache ActiveMQに緊急の脆弱性、速やかにアップデートを (マイナビニュース, 2023/11/05 16:07)
https://news.mynavi.jp/techplus/article/20231105-2809632/
⇒ https://vul.hatenadiary.com/entry/2023/11/05/000000
◆「Apache ActiveMQ」の脆弱性が標的に - ランサム攻撃にも悪用か (Security NEXT, 2023/11/06)
https://www.security-next.com/150846
⇒ https://vul.hatenadiary.com/entry/2023/11/06/000000_3
◆Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits (BleepingComputer, 2023/11/20)
[Kinsing マルウェア、Apache ActiveMQ RCE を悪用してルートキットを仕掛ける]
https://www.bleepingcomputer.com/news/security/kinsing-malware-exploits-apache-activemq-rce-to-plant-rootkits/
⇒ https://vul.hatenadiary.com/entry/2023/11/20/000000
【ブログ】
◆Apache ActiveMQ (バージョン < 5.18.3) RCE 分析 (X1r0z Blog, 2023/10/25)
https://exp10it.io/2023/10/apache-activemq-%E7%89%88%E6%9C%AC-5.18.3-rce-%E5%88%86%E6%9E%90/
⇒ https://vul.hatenadiary.com/entry/2023/10/25/000000_2
◆CVE-2023-46604: Apache ActiveMQ の悪用の疑い (Rapid7, 2023/11/01 21:13)
https://www.rapid7.com/ja/about/japan-blog-and-news/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
⇒ https://vul.hatenadiary.com/entry/2023/11/01/000000_3
◆Apache ActiveMQ - RCE脆弱性(CVE-2023-46604) (Qiita, 2023/11/03)
https://qiita.com/M_Yanagihara/items/e4dfa98880a351e2a236
⇒ https://vul.hatenadiary.com/entry/2023/11/03/000000
【公開情報】
◆CVE-2023-46604 (Rapid7, 2023/11/02)
https://attackerkb.com/topics/IHsgZDE3tS/cve-2023-46604/rapid7-analysis
⇒ https://vul.hatenadiary.com/entry/2023/11/02/000000_1
【検索】
google: Apache ActiveMQ
google: CVE-2023-46604
google: OpenWire
google:news: Apache ActiveMQ
google:news: CVE-2023-46604
google:news: OpenWire
google: site:virustotal.com Apache ActiveMQ
google: site:virustotal.com CVE-2023-46604
google: site:virustotal.com OpenWire
google: site:github.com Apache ActiveMQ
google: site:github.com CVE-2023-46604
google: site:github.com OpenWire
■Bing
https://www.bing.com/search?q=Apache ActiveMQ
https://www.bing.com/search?q=CVE-2023-46604
https://www.bing.com/search?q=OpenWire
https://www.bing.com/news/search?q=Apache ActiveMQ
https://www.bing.com/news/search?q=CVE-2023-46604
https://www.bing.com/news/search?q=OpenWire
https://twitter.com/search?q=%23Apache ActiveMQ
https://twitter.com/search?q=%23CVE-2023-46604
https://twitter.com/search?q=%23OpenWire
https://twitter.com/hashtag/Apache ActiveMQ
https://twitter.com/hashtag/CVE-2023-46604
https://twitter.com/hashtag/OpenWire
■ExploitDB
https://www.exploit-db.com/search?q=Apache ActiveMQ
https://www.exploit-db.com/search?q=CVE-2023-46604
https://www.exploit-db.com/search?q=OpenWire
【関連まとめ記事】
◆Apache ActiveMQ (まとめ)
https://vul.hatenadiary.com/entry/Apache_ActiveMQ