Apr 08, 2026 • Ionut Arghire
RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years
Executive Summary
A critical Remote Code Execution (RCE) vulnerability has been discovered in Apache ActiveMQ Classic that remained undetected for 13 years. The primary RCE flaw requires authentication to exploit, significantly limiting its attack surface. However, a secondary vulnerability exposing the Jolokia API without authentication creates a potential pathway for attackers to bypass the authentication requirement and achieve remote code execution. Organizations using Apache ActiveMQ Classic should immediately apply available patches and ensure the Jolokia API is properly secured or disabled if not needed. This long-dormant vulnerability highlights the importance of continuous security auditing of legacy software components.
Summary
The vulnerability requires authentication for successful exploitation, but another flaw exposes the Jolokia API without authentication. The post "RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years" appeared first on SecurityWeek.