T3-24-01-S-N-CL
Apache ActiveMQ (CVE-2023-46604)
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
         | OS                      | IP         | Software        | Log collection time | Program runtime
Attacker | Ubuntu 22.04.2          | 172.17.0.1 | -               | 19 sec              | 30 sec
Victim   | (docker) Ubuntu 22.04.2 | 172.17.0.3 | ActiveMQ 5.17.3 |                     |
Installing
python3 -m pip install -r requirements.txt
Using
sudo docker load -i T3-24-01-S-N-CL.tar
sudo python3 run.py [-t TIME | --time TIME] [-f FILE | --file FILE]
optional arguments:
  -t, --time   Specify how long to collect logs (default: 10s)
  -f, --file   PoC file path (default: ./poc.py)
MITRE ATT&CK Framework
Attack Tactic
Reconnaissance
Resource Development
Initial Access
Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
Logs
./log/2024_01_T3_{time}.pcap # YYmmdd_HHMMSS
References
[1] NIST, CVE-2023-46604
[2] AhnLab ASEC, "Apache ActiveMQ vulnerability that continues to be targeted by attacks (CVE-2023-46604)" (original title in Korean)
[3] Apache, security-advisories.data
Copyright (C) 2024, KAIST Cyber Security Research Center. All Rights Reserved.