Concealed attacks likely with new Apache Active MQ exploit

Vulnerable Apace ActiveMQ instances impacted by the maximum severity bug, tracked as CVE-2023-46604, could be exploited to achieve arbitrary code execution from memory through a new proof-of-concept exploit, The Hacker News reports. While previous attacks targeted at the flaw used ActiveMQ's ClassPathXmlApplicationContext class to facilitate malicious XML bean configuration file loading and remote code execution, VulnCheck researchers noted that an exploit using the FileSystemXmlApplicationContext class with a custom SpEL expression yielded the same results without placing their tools to disk. However, such an exploit would prompt an exception message that requires additional measures to ensure the concealment of malicious activity, according to the report. "Now that we know attackers can execute stealthy attacks using CVE-2023-46604, it's become even more important to patch your ActiveMQ servers and, ideally, remove them from the internet entirely," said VulnCheck Chief Technology Officer Jacob Baines.