ActiveMQ/OpenWire vulnerability

[Peter Hicks]

All,

If you run ActiveMQ and have OpenWire (port 61616 by default) accessible for incoming connections, check out https://www.cve.org/CVERecord?id=CVE-2023-46604 which has details of an exploit that appears to have impacted several visible public platforms over the last 24 hours or so.  If you're running a vulnerable version of ActiveMQ, upgrade - https://activemq.apache.org/components/classic/download/ to fix the problem, or to reduce the impact, comment out the OpenWire listener, or change it to another port, or make sure it's not accessible from outside trusted networks via firewall rules.

Full disclosure - I had an unsecured ActiveMQ server running on a Linode host which was infected with ransomware.  However, sensible precautions such as running ActiveMQ as its own user meant that I just ended up with the ActiveMQ broker directory being encrypted and AMQ falling over.  No biggie.

If you're only connecting outbound over OpenWire, I don't believe the issue will affect you - but it's always a good idea to keep your software components up-to-date.

Peter