LAST UPDATED: 2023-10-30
This report identifies accessible Apache ActiveMQ servers on port 61616/TCP. ActiveMQ is a popular open source multi-protocol message broker.
ActiveMQ has a set of security features which should be enabled if possible.
Additionally, different ActiveMQ versions have had multiple CVE found in them in the past.
CVE-2023-46604 (Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack) was disclosed on the 27th of October 2023.
As described in the NVD entry for CVE-2023-46604 the vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
How we scan
We scan by sending an equivalent of a “hello” using the OpenWire protocol WireFormatInfo request and expecting a BrokerInfo response.
We determine the vulnerability through a version check only.
We do not perform any intrusive checks on a discovered service.
As of 2023-10-30, we identify 7249 accessible ActiveMQ services. Out of these 3329 where found vulnerable to CVE-2023-46604.
If you receive a report from us with an accessible ActiveMQ service, make sure it is configured appropriately according to your security policy which may include restriction to trusted sources only.
If you received a report with events tagged
cve-2023-46604 make sure to investigate for possible compromise and patch your version.
For more information on our scanning efforts, check out our Internet scanning summary page.
This report has an IPv4 and IPv6 version.
Filename: scan_activemq, scan6_activemq