Security News > 2024 > January > Hackers target Apache RocketMQ servers vulnerable to RCE attacks
Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582.
Apache released a fix that was incomplete for the NameServer component in RocketMQ and continued to affect versions 5.1 and older of the distributed messaging and streaming platform.
"The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1," reads a warning from Rongtong Jin, a member of the Apache RocketMQ Project Management Committee.
Hackers started targeting vulnerable Apache RocketMQ systems since at least August 2023, when a new version of the DreamBus botnet was observed leveraging an CVE-2023-33246 exploit to drop XMRig Monero miners on vulnerable servers.
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
News URL
Related news
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-12 | CVE-2023-37582 | Code Injection vulnerability in Apache Rocketmq The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. | 9.8 |
| 2023-05-24 | CVE-2023-33246 | Code Injection vulnerability in Apache Rocketmq For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. | 9.8 |