
Test ID: 1.3.6.1.4.1.25623.1.0.809342
Category: Web application abuses
Title: Apache ActiveMQ Artemis < 1.4.0 RCE Vulnerability
Summary: Apache ActiveMQ Artemis is prone to a remote code execution (RCE) vulnerability.
Description:

Vulnerability Insight:
The flaw exists because a class implementing the Serializable
interface is free to implement the 'readObject(java.io.ObjectInputStream in)' method however it
chooses.

Vulnerability Impact:
Successful exploitation will allow remote attackers to replace
web application files with malicious code and perform remote code execution on the system.

Affected Software/OS:
Apache ActiveMQ Artemis prior to version 1.4.0.

Solution:
Update to version 1.4.0 or later.

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2016-4978
93142
http://www.securityfocus.com/bid/93142
RHSA-2017:1834
https://access.redhat.com/errata/RHSA-2017:1834
RHSA-2017:1835
https://access.redhat.com/errata/RHSA-2017:1835
RHSA-2017:1836
https://access.redhat.com/errata/RHSA-2017:1836
RHSA-2017:1837
https://access.redhat.com/errata/RHSA-2017:1837
RHSA-2017:3454
https://access.redhat.com/errata/RHSA-2017:3454
RHSA-2017:3455
https://access.redhat.com/errata/RHSA-2017:3455
RHSA-2017:3456
https://access.redhat.com/errata/RHSA-2017:3456
RHSA-2017:3458
https://access.redhat.com/errata/RHSA-2017:3458
RHSA-2018:1447
https://access.redhat.com/errata/RHSA-2018:1447
RHSA-2018:1448
https://access.redhat.com/errata/RHSA-2018:1448
RHSA-2018:1449
https://access.redhat.com/errata/RHSA-2018:1449
RHSA-2018:1450
https://access.redhat.com/errata/RHSA-2018:1450
RHSA-2018:1451
https://access.redhat.com/errata/RHSA-2018:1451
[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E
[activemq-issues] 20190529 [jira] [Closed] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978
https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E
[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978
https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E
[activemq-users] 20160923 [CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability
http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E
https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf
Copyright: Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.