
CVE-2020-11998

Published: 10/09/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack (docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html):

"A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code."

Mitigation: Upgrade to Apache ActiveMQ 5.15.13

Vulnerable Product

apache activemq 5.15.12

oracle flexcube private banking 12.1.0

oracle flexcube private banking 12.0.0

oracle enterprise repository 11.1.1.7.0

oracle communications diameter signaling router

oracle communications element manager

oracle communications session route manager

oracle communications session report manager

Mailing Lists

oss-sec mailing list archives: [CVE-2020-11998] Apache ActiveMQ JMX remote client could execute arbitrary code ...

Github Repositories

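JAVA_Env-Poc

ActiveMQ_JMX_attack: Written while researching CVE-2020-11998; summarizes attacks against ActiveMq with JMX enabled, in both the unauthenticated and the authenticated case. See the PDF in the project for details.

TomcatEchoEnv: Sets up a generic Tomcat echo test range, using fnmsd's dfs class for quick and convenient testing. The classpath in catlinash must be modified to change the malicious class dependency, if [ -r "$CATALINA_BASE/bin/tomcat-julijar" ] ; then CLASSPATH=$CLASSPATH:$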