New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar
Nov 15, 2023
Ransomware / Vulnerability
Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3 released late last month. The vulnerability has since come under active exploitation by ransomware outfits to deploy ransomware such as HelloKitty and a strain that shares similarities with TellYouThePass as well as a remote access trojan called SparkRAT. According to new findings from VulnCheck, threat actors weaponizing the flaw are relying on a public proof-of-concept ( PoC ) exploit originally disclosed on October 25, 2023. The attacks have been found to use ClassPathXmlApplicationContext , a class that's part of the...
