Unpacking the Apache ActiveMQ Exploit (CVE-2023–46604)

Recently, there was a critical vulnerability in Apache ActiveMQ, CVE-2023–46604, with a CVSS v3 score of 10 out of 10, which certainly caught the attention of cybersecurity folks (https://research.kudelskisecurity.com/2023/11/03/cve-2023-46604-apache-activemq-rce-vulnerability/).

The vulnerability leads to remote code execution (RCE) by exploiting insecure unmarshalling in the implementation of the Openwire protocol.

Exploit can be found at…