APP: Apache ActiveMQ JMX RMIConnectorServer Remote Code Execution
This signature detects attempts to exploit a known vulnerability against Apache ActiveMQ. A successful attack can lead to arbitrary code execution.
Extended Description
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13
Affected Products
Oracle communications_diameter_signaling_router
Short Name
APP:MISC:APACHE-AMQ-JRMI-RCE
Severity
Major
Recommended
False
Recommended Action
None
Category
APP
Keywords
ActiveMQ Apache CVE-2020-11998 Code Execution JMX RMIConnectorServer Remote
Release Date
01/28/2021
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3590
False Positive
Rarely
Vendors
Apache
Oracle
CVSS Score
7.5