SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Apache ActiveMQ OpenWire Protocol Insecure Deserialization 6

Category: MISC      

The insecure deserialization vulnerability in apache activemq may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.


Relevant Information