Remote Code Execution Vulnerability in Apache ActiveMQ
CVE-2020-13920

5.9MEDIUM

Key Information:

Vendor: Apache
Status: Apache ActiveMQ
Vendor: CVE Published:; 10 September 2020

What is CVE-2020-13920?

Apache ActiveMQ uses LocateRegistry.createRegistry() to create a JMX RMI registry, allowing unauthenticated access to the 'jmxrmi' entry. An attacker can exploit this by connecting to the registry and utilizing the rebind method to redirect 'jmxrmi' to a malicious server. This scenario can lead to man-in-the-middle attacks, enabling the attacker to potentially intercept sensitive user credentials when they connect to the original server. To mitigate this vulnerability, it is essential to upgrade to Apache ActiveMQ version 5.15.12 or later.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache ActiveMQ Apache ActiveMQ version prior to 5.15.12

References

http://activemq.apache.org/security-advisories.data/CVE-2...

https://lists.debian.org/debian-lts-announce/2020/10/msg0...

mailing-list

https://www.oracle.com/security-alerts/cpuoct2020.html

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2020
Vulnerability Reserved
Jun 8, 2020

JSON

Apache

What is CVE-2020-13920?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.