
Apache ActiveMQ Jolokia Remote Code Execution Vulnerability (CVE-2022-41678)

Dec 01, 2023 GMT+08:00

I. Overview

Apache ActiveMQ has recently disclosed a remote code execution vulnerability (CVE-2022-41678) affecting specific versions. Because of a configuration error in ActiveMQ, an authenticated attacker can send specially crafted HTTP requests through the Jolokia endpoint to write malicious files and thereby trigger remote code execution. A proof of concept (POC) for this vulnerability has been published, so the risk is high.

Apache ActiveMQ is the most popular open-source message middleware, providing efficient, scalable, stable, and secure enterprise-level messaging for applications. If you use Apache ActiveMQ, check your version and apply the security hardening promptly.

References:

http://www.openwall.com/lists/oss-security/2023/11/28/1

https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected versions:

Apache ActiveMQ < 5.16.6

5.17.0 <= Apache ActiveMQ < 5.17.4

Secure versions:

Apache ActiveMQ >= 5.17.4

Apache ActiveMQ >= 5.16.6

Apache ActiveMQ >= 6.0.0

Apache ActiveMQ >= 5.18.0

IV. Vulnerability Handling

This vulnerability has been fixed in the latest official version. If your service version falls into the affected range, upgrade it to the secure version.

https://github.com/apache/activemq/tags

If the upgrade cannot be performed in a timely manner, refer to the suggestions provided by Apache ActiveMQ:

1. Disable Jolokia unless it is required by services.

2. Restrict access to the ActiveMQ management page (web console) so that only trusted addresses can reach it.

3. Change the default password of the ActiveMQ web console.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
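The following script is an added example (not code from Apache ActiveMQ or from this notice) that turns the version ranges in section III and the default-password check in step 3 into a repeatable check. It assumes the realm file uses the `username: password[, role...]` layout of ActiveMQ's `conf/jetty-realm.properties`; the sample file content is constructed.

```python
"""Version-range and default-credential checks for CVE-2022-41678 (added example)."""
import re


def parse_version(s: str) -> tuple:
    """Turn '5.17.3' or '5.16.6-SNAPSHOT' into a comparable tuple (5, 17, 3)."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognised ActiveMQ version: {s!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the version lies in the advisory's affected ranges:
    anything below 5.16.6, or 5.17.0 <= v < 5.17.4.
    5.16.6+, 5.17.4+, 5.18.0+ and 6.0.0+ are the secure versions listed above."""
    v = parse_version(version)
    if v < (5, 16, 6):
        return True
    if (5, 17, 0) <= v < (5, 17, 4):
        return True
    return False


def default_console_accounts(realm_text: str) -> list:
    """Scan jetty-realm.properties content (assumed 'user: password[, role...]' format)
    and return account names whose password equals the username, which is what the
    stock admin/user entries look like. Comment and blank lines are skipped."""
    weak = []
    for line in realm_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        fields = [f.strip() for f in rest.split(",")]
        if fields and fields[0] == name.strip():
            weak.append(name.strip())
    return weak


# Constructed sample resembling a stock realm file with unchanged defaults.
SAMPLE_REALM = """# username: password [,rolename ...]
admin: admin, admin
user: user, user
"""

if __name__ == "__main__":
    for ver in ["5.15.9", "5.16.5", "5.16.6", "5.17.0", "5.17.3", "5.17.4", "5.18.3", "6.0.1"]:
        print(ver, "AFFECTED" if is_affected(ver) else "ok")
    print("accounts still using the default password:", default_console_accounts(SAMPLE_REALM))
```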