Test ID: 1.3.6.1.4.1.25623.1.0.809342
Category: Web application abuses
Title: Apache ActiveMQ Artemis < 1.4.0 RCE Vulnerability
Summary: Apache ActiveMQ Artemis is prone to a remote code execution (RCE) vulnerability.
Description:
Summary:
Apache ActiveMQ Artemis is prone to a remote code execution
(RCE) vulnerability.

Vulnerability Insight:
The flaw exists because a class implementing the Serializable
interface is free to implement the 'readObject(java.io.ObjectInputStream in)' method however it
chooses.

Vulnerability Impact:
Successful exploitation will allow remote attackers to replace
web application files with malicious code and perform remote code execution on the system.

Affected Software/OS:
Apache ActiveMQ Artemis prior to version 1.4.0.

Solution:
Update to version 1.4.0 or later.

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-4978
93142
http://www.securityfocus.com/bid/93142
RHSA-2017:1834
https://access.redhat.com/errata/RHSA-2017:1834
RHSA-2017:1835
https://access.redhat.com/errata/RHSA-2017:1835
RHSA-2017:1836
https://access.redhat.com/errata/RHSA-2017:1836
RHSA-2017:1837
https://access.redhat.com/errata/RHSA-2017:1837
RHSA-2017:3454
https://access.redhat.com/errata/RHSA-2017:3454
RHSA-2017:3455
https://access.redhat.com/errata/RHSA-2017:3455
RHSA-2017:3456
https://access.redhat.com/errata/RHSA-2017:3456
RHSA-2017:3458
https://access.redhat.com/errata/RHSA-2017:3458
RHSA-2018:1447
https://access.redhat.com/errata/RHSA-2018:1447
RHSA-2018:1448
https://access.redhat.com/errata/RHSA-2018:1448
RHSA-2018:1449
https://access.redhat.com/errata/RHSA-2018:1449
RHSA-2018:1450
https://access.redhat.com/errata/RHSA-2018:1450
RHSA-2018:1451
https://access.redhat.com/errata/RHSA-2018:1451
[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118
https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E
[activemq-issues] 20190529 [jira] [Closed] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978
https://lists.apache.org/thread.html/d4ffbc6a43a915324a394b2913ceb7d07bc352f2d08caa19df0aff02%40%3Cissues.activemq.apache.org%3E
[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2362) activemq-artemis-native-1.0.0.jar is vulnerable to CVE-2016-4978
https://lists.apache.org/thread.html/7260bd0955c12aac5bd892039d3356ba3aa0ff4caaf2aa4fd4fe84a2%40%3Cissues.activemq.apache.org%3E
[activemq-users] 20160923 [CVE-2016-4978] Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability
http://mail-archives.apache.org/mod_mbox/activemq-users/201609.mbox/%3CCAH6wpnqzeNtpykT7emtDU1-GV7AvjFP5-YroWcCC4UZyQEFvtA%40mail.gmail.com%3E
https://www.blackhat.com/docs/us-16/materials/us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf
Copyright: Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2025 E-Soft Inc. All rights reserved.