CVE-2023-46604

Apache ActiveMQ — OpenWire ClassInfo Deserialization Allows Unauthenticated Remote Code Execution via Port 61616
🔥 CVSS 3.1: 10 / 10 — CRITICAL | 🔴 CISA Known Exploited Vulnerability

Overview

Actively exploited. CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on November 2, 2023, with a remediation deadline of November 23, 2023. Federal agencies are required to apply mitigations under BOD 22-01.

CVE-2023-46604 is a critical remote code execution vulnerability in Apache ActiveMQ, the widely deployed open-source message broker. The flaw is in ActiveMQ's OpenWire protocol handler: a specially crafted ExceptionResponse packet causes the broker to instantiate an arbitrary Java class from the classpath or from a remote URL, executing attacker-controlled code. No authentication is required; exploitation needs only network access to ActiveMQ's default OpenWire port (TCP 61616).

Exploitation began within 24 hours of public disclosure. The HelloKitty and TellYouThePass ransomware groups were confirmed to be deploying ransomware through this vulnerability within days, and cryptomining and remote access trojan campaigns followed shortly after. The CVSS 10.0 score reflects pre-authentication RCE on a widely deployed middleware component.

What Is Apache ActiveMQ?

Apache ActiveMQ is a high-performance, open-source message broker implementing the Java Message Service (JMS) API and supporting multiple messaging protocols. It is used in enterprise Java applications for asynchronous communication between services — common in e-commerce platforms, financial systems, healthcare applications, and enterprise middleware deployments. ActiveMQ brokers typically run with elevated privileges and are embedded in or adjacent to business-critical application infrastructure, making them attractive targets for ransomware operators seeking to maximize damage.

Affected Versions

ActiveMQ Version                        Vulnerable              Fixed Version
5.18.x                                  Before 5.18.3           5.18.3
5.17.x                                  Before 5.17.6           5.17.6
5.16.x                                  Before 5.16.7           5.16.7
5.15.x                                  Before 5.15.16          5.15.16
Legacy 5.x versions                     All (end-of-life)       Upgrade required
ActiveMQ Legacy OpenWire Module (6.x)   Before 6.1.2            6.1.2
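The table above is easy to misread under pressure (5.15.16 is fixed, 5.15.15 is not), so here is a small Python check that encodes it. This is an added example for this write-up, not an Apache tool: it extracts an x.y.z version from whatever text is at hand (an activemq jar file name or the broker's startup banner line, both sample inputs below are constructed) and compares it against the fixed release for that branch. Anything the table does not cover is reported as unknown rather than safe.

```python
"""Version exposure check implementing the Affected Versions table above.

Added example for this write-up, not an Apache tool. Verdicts follow the table:
5.x below 5.15 is vulnerable (end-of-life), 6.x below 6.1.2 is the legacy
OpenWire module row, and versions the table does not list return None.
"""
import re

# Fixed version per release branch, transcribed from the table above.
FIXED_BY_BRANCH = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}
LEGACY_OPENWIRE_FIXED = (6, 1, 2)

# First x.y.z token; \b stops "5.17.4.jar" from swallowing the extension.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def extract_version(text):
    """Return the first x.y.z in `text` as an int tuple, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_vulnerable(version):
    """True/False per the table; None when the table has no row for it."""
    major, minor, _ = version
    if major == 5:
        if minor < 15:
            return True                                 # legacy 5.x: all vulnerable
        fixed = FIXED_BY_BRANCH.get((5, minor))
        return version < fixed if fixed else None       # e.g. 5.19+ is not in the table
    if major == 6:
        return version < LEGACY_OPENWIRE_FIXED
    return None


def assess(text):
    """One verdict for a jar file name or a startup banner line."""
    version = extract_version(text)
    if version is None:
        return {"version": None, "vulnerable": None, "reason": "no version found"}
    verdict = is_vulnerable(version)
    dotted = ".".join(map(str, version))
    if verdict is None:
        reason = f"{dotted} is not covered by the affected-versions table"
    elif verdict:
        reason = f"{dotted} predates the fixed release for its branch"
    else:
        reason = f"{dotted} is at or above the fixed release for its branch"
    return {"version": dotted, "vulnerable": verdict, "reason": reason}


if __name__ == "__main__":
    # Constructed inputs: jar names and a banner line shaped like the one
    # the broker prints at startup.
    for sample in ("activemq-broker-5.17.4.jar",
                   "INFO | Apache ActiveMQ 5.18.3 (localhost, ID:broker-1) started",
                   "activemq-all-5.8.0.jar",
                   "activemq-openwire-legacy-6.0.1.jar"):
        print(assess(sample))
```

Run it against `ls lib/activemq-*.jar` output or the first lines of activemq.log; a None verdict means the table has no row for that branch and the vendor advisory should be consulted directly.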

Technical Details

Root Cause: ClassInfo Deserialization via OpenWire ExceptionResponse

ActiveMQ's OpenWire protocol is the binary wire protocol used for JMS messaging between clients and brokers. The broker processes incoming OpenWire commands, including ExceptionResponse packets. The vulnerability lies in how the broker handles one specific command type, the ClassInfo command (opcode 0x1f / 31):

When the broker receives this command, it invokes ClassPathXmlApplicationContext with a URL supplied in the packet. ClassPathXmlApplicationContext is a Spring Framework class that fetches an XML configuration file from the given URL and instantiates every Spring bean defined in it. A bean definition can execute arbitrary OS commands, for example by using ProcessBuilder or Runtime.exec() as bean factories.

The complete exploit:

  1. Connect to ActiveMQ's OpenWire port (TCP 61616) — no authentication required.
  2. Send a crafted OpenWire packet with the ClassInfo command containing a URL pointing to an attacker-controlled server.
  3. ActiveMQ fetches the XML file from the attacker's server.
  4. The XML defines a Spring bean that executes the attacker's OS command.
  5. The command runs as the ActiveMQ process user — typically a service account with broad local privileges.
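The bug class above is easier to see stripped of the wire format. The following is an added Python analogue written for this write-up; ActiveMQ is Java and none of its code appears here. A marshaller takes a class name and a string from an untrusted peer, resolves the class, and calls its one-argument constructor, so the peer can reach any class with a string constructor rather than only exception types. The hardened variant refuses anything that is not an exception type before constructing it, which is the same approach the fixed ActiveMQ releases take for Throwable. The classpath registry, the RemoteConfigLoader stand-in and the URL are all constructed for the example; RemoteConfigLoader only records the location it is handed and performs no fetch or execution.

```python
"""Python analogue of the deserialization flaw described above (CWE-502).

Added example for this write-up; not ActiveMQ code. It shows the vulnerable
instantiate-by-name pattern beside a hardened version that checks the type
before the constructor runs.
"""


class RemoteConfigLoader:
    """Constructed stand-in for a class whose string constructor has side
    effects (the role ClassPathXmlApplicationContext plays in the exploit).
    It only records the location it was handed; nothing is fetched or run."""
    loaded = []

    def __init__(self, location):
        RemoteConfigLoader.loaded.append(location)


# Constructed classpath: the classes the broker side can resolve by name.
CLASSPATH = {
    "java.lang.RuntimeException": RuntimeError,
    "java.io.IOException": OSError,
    "org.springframework.context.support.ClassPathXmlApplicationContext": RemoteConfigLoader,
}


def resolve_class(class_name):
    """Reflection analogue: turn a peer-supplied class name into a class."""
    try:
        return CLASSPATH[class_name]
    except KeyError:
        raise ValueError(f"class not on classpath: {class_name}") from None


def create_throwable_vulnerable(class_name, message):
    """Pre-fix behaviour: whatever class the peer names is constructed with
    the peer's string. Nothing checks that the result is an exception."""
    return resolve_class(class_name)(message)


def create_throwable_hardened(class_name, message):
    """Post-fix behaviour: the resolved class must be an exception type;
    otherwise refuse before any constructor runs."""
    cls = resolve_class(class_name)
    if not issubclass(cls, BaseException):
        raise ValueError(f"refusing non-throwable class: {class_name}")
    return cls(message)


def demo():
    """Run both variants against a legitimate exception and the Spring class."""
    RemoteConfigLoader.loaded.clear()
    spring = "org.springframework.context.support.ClassPathXmlApplicationContext"
    url = "http://config.example.invalid/beans.xml"   # constructed placeholder
    legit = create_throwable_hardened("java.lang.RuntimeException", "queue full")
    create_throwable_vulnerable(spring, url)          # honours the peer's class choice
    try:
        create_throwable_hardened(spring, url)
        blocked = False
    except ValueError:
        blocked = True
    return {
        "legit_is_exception": isinstance(legit, RuntimeError),
        "vulnerable_loaded_url": RemoteConfigLoader.loaded == [url],
        "hardened_blocked": blocked,
    }


if __name__ == "__main__":
    print(demo())
```

The type check is the whole fix: the peer still chooses the class name, but only exception types survive to the constructor call, so a class that loads configuration from a URL is never reachable from the wire.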

Why This Is Architecturally Dangerous

The OpenWire port (61616) is the primary broker communication port used by JMS clients and other brokers. It is typically:

  • Exposed on all network interfaces by default
  • Not protected by authentication in many deployments (authentication is optional and frequently left unconfigured)
  • Expected to be accessible from application servers in the same network segment

This means many ActiveMQ deployments have port 61616 accessible from application tier servers, CI/CD infrastructure, and in some cases from the internet — all positions from which this exploit is trivially weaponizable.

Attack Characteristics

Attribute                      Detail
Attack Vector                  Network — TCP port 61616 (OpenWire)
Authentication Required        None (authentication is optional and often not configured)
Outbound Connection Required   Yes — the broker must fetch the attacker's XML file (mitigated by egress filtering)
Code Execution                 As the ActiveMQ process user (often root or a privileged service account)
Exploit Complexity             Low — single crafted packet; multiple open-source PoCs available within 24 hours

Discovery

Apache's advisory does not name an external reporter, so the vulnerability was either found internally by the Apache ActiveMQ security team or reported through responsible disclosure. The security advisory and the fixed versions were released together on October 25–27, 2023. Mass exploitation began within 24 hours of the announcement, suggesting that threat actors were watching for ActiveMQ security updates and reverse-engineered the patch immediately.

Exploitation Context

  • Exploitation within 24 hours: Rapid7 and ShadowServer confirmed active exploitation beginning within a day of CVE publication
  • HelloKitty ransomware: Confirmed deploying ransomware via CVE-2023-46604 within days of disclosure; HelloKitty (also known as FiveHands) is a ransomware-as-a-service operation targeting enterprise environments
  • TellYouThePass ransomware: Also confirmed exploiting the vulnerability for ransomware deployment
  • Cryptomining: Multiple cryptomining campaigns (XMRig and others) deployed via CVE-2023-46604
  • Remote access trojans: Various RATs deployed for persistent access and data exfiltration
  • Ongoing exposure: Many ActiveMQ instances run in internal networks with limited patching cadence, providing a persistent exploitation opportunity; ShadowServer reported thousands of exposed instances months after disclosure

Remediation

CISA BOD 22-01 Deadline: November 23, 2023. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Recommended Actions

  1. Upgrade ActiveMQ to 5.15.16, 5.16.7, 5.17.6, 5.18.3, or 6.1.2 or later immediately. Verify the running version from the activemq.jar file name or the broker's startup banner.

  2. Restrict network access to port 61616. The OpenWire port should only be accessible from known application servers that require it. Block all other inbound access using host-based firewall rules or network ACLs:

    # Example iptables rule — allow only application tier
    iptables -A INPUT -p tcp --dport 61616 -s 10.0.1.0/24 -j ACCEPT
    iptables -A INPUT -p tcp --dport 61616 -j DROP
    
  3. Enable ActiveMQ authentication if it is not already configured. Allowing anonymous connections to the OpenWire port significantly lowers the barrier to exploitation. Configure authentication plugins in activemq.xml.

  4. Restrict outbound connections from the ActiveMQ host. The exploit requires the broker to fetch an XML file from an attacker's server. Egress filtering that blocks outbound HTTP/HTTPS from the broker host breaks the exploitation chain for unauthenticated attackers who don't also control inbound access.

  5. Check for compromise indicators:

    • Unusual processes spawned by the ActiveMQ JVM process
    • Unexpected outbound connections from the broker host
    • New cron jobs, scheduled tasks, or persistence mechanisms on the broker host
    • Presence of XMRig, ransomware encryption activity, or webshells in the ActiveMQ data directory
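Two of the indicators in step 5 (processes spawned by the broker JVM, and the broker reaching out to fetch remote XML) can be checked mechanically. The script below is an added example for this write-up, not a vendor tool. It works on snapshots handed to it so it runs offline: a process table (fields like `ps -eo pid,ppid,comm,args`) and broker log lines. The sample process list, log lines, IP addresses and the allowlist of expected hosts are all constructed; on a real host feed it the live process list and the actual activemq.log. It flags every descendant of a broker JVM, since a broker has no reason to spawn child processes, plus any log line that names the Spring context class from the Technical Details section or contains a URL to a host the broker is not expected to contact.

```python
"""Offline triage for the compromise indicators listed above.

Added example for this write-up, not a vendor tool. All sample data below is
constructed; the log layout loosely follows a log4j-style activemq.log.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    comm: str
    cmdline: str


# Spring class named in the Technical Details section. A broker has no
# business constructing it on behalf of a remote peer.
SPRING_CONTEXT = "org.springframework.context.support.ClassPathXmlApplicationContext"
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.\-]+)")


def broker_jvm_pids(procs):
    """PIDs of Java processes whose command line identifies the ActiveMQ broker."""
    return {p.pid for p in procs if p.comm == "java" and "activemq" in p.cmdline.lower()}


def broker_descendants(procs):
    """Every process descended from a broker JVM, found by walking the
    parent/child tree so grandchildren (shell -> miner) are caught too."""
    children = defaultdict(list)
    for p in procs:
        children[p.ppid].append(p)
    found, stack = [], list(broker_jvm_pids(procs))
    while stack:
        for child in children.get(stack.pop(), []):
            found.append(child)
            stack.append(child.pid)
    return sorted(found, key=lambda p: p.pid)


def scan_broker_log(lines, expected_hosts):
    """Flag lines that mention the Spring context class, or a URL whose host
    is not one the broker is expected to contact. Returns (line_no, tag)."""
    hits = []
    for n, line in enumerate(lines, start=1):
        if SPRING_CONTEXT in line:
            hits.append((n, "spring-context-class"))
            continue
        for host in URL_HOST_RE.findall(line):
            if host not in expected_hosts:
                hits.append((n, f"unexpected-url-host:{host}"))
    return hits


def triage(procs, lines, expected_hosts):
    """Combine both checks into one report."""
    return {
        "broker_pids": sorted(broker_jvm_pids(procs)),
        "descendant_pids": [p.pid for p in broker_descendants(procs)],
        "log_hits": scan_broker_log(lines, expected_hosts),
    }


# Constructed process snapshot: one broker JVM, one unrelated JVM, and a
# shell under the broker that in turn started a miner.
SAMPLE_PROCS = [
    Proc(1, 0, "systemd", "/sbin/init"),
    Proc(4120, 1, "java", "/usr/bin/java -Dactivemq.home=/opt/activemq -classpath "
                          "/opt/activemq/bin/activemq.jar org.apache.activemq.console.Main start"),
    Proc(4125, 1, "java", "/usr/bin/java -jar /opt/tomcat/bin/bootstrap.jar"),
    Proc(4412, 4120, "sh", "sh"),
    Proc(4413, 4412, "xmrig", "./xmrig --config=config.json"),
]

# Constructed log lines and allowlist of hosts the broker legitimately contacts.
EXPECTED_HOSTS = {"repo.example.internal"}
SAMPLE_LOG = [
    "2023-11-02 10:15:01,003 | INFO  | Apache ActiveMQ 5.17.4 (broker-1, ID:broker-1-1) started | org.apache.activemq.broker.BrokerService | main",
    "2023-11-02 10:15:01,120 | INFO  | Loaded broker config from https://repo.example.internal/activemq.xml | org.apache.activemq.xbean.XBeanBrokerFactory | main",
    "2023-11-02 10:16:07,210 | INFO  | Refreshing org.springframework.context.support.ClassPathXmlApplicationContext@5e9f23b4 | org.springframework.context.support.AbstractApplicationContext | ActiveMQ Transport: tcp:///10.0.9.44:51234@61616",
    "2023-11-02 10:16:07,455 | WARN  | Transport Connection to: tcp://10.0.9.44:51234 failed | org.apache.activemq.broker.TransportConnection.Transport | ActiveMQ Transport: tcp:///10.0.9.44:51234@61616",
    "2023-11-02 10:16:08,001 | INFO  | Loading XML bean definitions from URL [http://10.0.9.44:8080/beans.xml] | org.springframework.beans.factory.xml.XmlBeanDefinitionReader | ActiveMQ Transport: tcp:///10.0.9.44:51234@61616",
]

if __name__ == "__main__":
    print(triage(SAMPLE_PROCS, SAMPLE_LOG, EXPECTED_HOSTS))
```

On the constructed data the report names PIDs 4412 and 4413 under the broker and two log hits: the Spring context class on line 3 and the fetch from 10.0.9.44 on line 5. Line 4's `tcp://` address is the client connection itself and is deliberately not treated as a fetch.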

Key Details

Property               Value
CVE ID                 CVE-2023-46604
Vendor / Product       Apache — ActiveMQ
NVD Published          2023-10-27
NVD Last Modified      2025-11-04
CVSS 3.1 Score         10
CVSS 3.1 Vector        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Severity               CRITICAL
CWE                    CWE-502 — Deserialization of Untrusted Data
CISA KEV Added         2023-11-02
CISA KEV Deadline      2023-11-23
Known Ransomware Use   ⚠️ Yes

CVSS 3.1 Breakdown

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: High
Availability: High

Required Action

CISA BOD 22-01 Deadline: 2023-11-23. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Timeline

Date          Event
2023-10-25    Apache ActiveMQ 5.15.16, 5.16.7, 5.17.6, 5.18.3 released with fix
2023-10-27    CVE-2023-46604 published; Apache security advisory released
2023-10-28    Rapid7 and ShadowServer report active exploitation in the wild within 24 hours of disclosure
2023-10-30    HelloKitty ransomware group confirmed exploiting CVE-2023-46604 for ransomware deployment
2023-11-01    TellYouThePass ransomware group also confirmed exploiting the vulnerability
2023-11-02    CISA adds CVE-2023-46604 to KEV catalog
2023-11-23    CISA BOD 22-01 remediation deadline