- Published: 2020-09-10
- Detected: 2020-09-10
- Vulnerability type: Security update
- Risk level: Medium
- Updated version: 5.x
- Intelligence contributor: TSRC
JMX MITM vulnerability
CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack

Severity: Moderate

Vendor: The Apache Software Foundation

Affected Version: Apache ActiveMQ versions prior to 5.15.12

Vulnerability details:
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and binds that, he effectively becomes a man in the middle and is able to intercept the credentials when a user connects.

Mitigation:
Upgrade to Apache ActiveMQ 5.15.12

Credit: Jonathan Gallimore & Colm O hEigeartaigh
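Apache ActiveMQ is open-source message middleware developed by the Apache Software Foundation. Because ActiveMQ is a pure Java program, it can run on any operating system that supports a Java Virtual Machine.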
<p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13920">CVE-2020-13920</a></p>
None available
None available
http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt