Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
NA

CVE-2022-41678

Published: 28/11/2023 Updated: 31/05/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through refection. This could lead to RCE through via various mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache activemq

Vendor Advisories

Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution In details, in ActiveMQ configurations, jetty allows orgjolokiahttpAgentServlet to handler request to /api/jolokia orgjolokiahttpHttpRequestHandler#handlePostRequest is able to create JmxR ...
Check Point Security Alerts: Apache ActiveMQ Jolokia Remote Code Execution (CVE-2022-41678)
Check Point Reference: CPAI-2022-2076 Date Published: 9 Jun 2024 Severity: High ...

Mailing Lists

Full Disclosure: CVE-2022-41678: Apache ActiveMQ: Deserialization vulnerability on Jolokia that allows authenticated users to perform RCE
Severity: Medium Affected versions: - Apache ActiveMQ before 5166 - Apache ActiveMQ 5170 before 5174 - Apache ActiveMQ 5180 unaffected - Apache ActiveMQ 600 unaffected Description: Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution  In details, in ActiveMQ configurations, jetty allows ...

References

CWE-287https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txthttps://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4slhttps://security.netapp.com/advisory/ntap-20240216-0004/https://www.openwall.com/lists/oss-security/2023/11/28/1https://nvd.nist.govhttps://seclists.org/oss-sec/2023/q4/241https://access.redhat.com/security/cve/cve-2022-41678https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2022-2076.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627CVE-2022-45803CVE-2024-38319cameratemplate injectionCVE-2024-27801CVE-2024-0762CVE-2024-5791unauthorized
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook