Unpacking the Apache ActiveMQ Exploit (CVE-2023–46604)
8 min readNov 5, 2023
Recently, there was a critical vulnerability in Apache ActiveMQ, CVE-2023–46604, with a CVSS v3 score of 10 out of 10, which certainly caught the attention of cybersecurity folks (https://research.kudelskisecurity.com/2023/11/03/cve-2023-46604-apache-activemq-rce-vulnerability/).
The vulnerability leads to remote code execution (RCE) by exploiting insecure unmarshalling in the implementation of the Openwire protocol.
Exploit can be found at…