Security News > 2024 > January > Hackers target Apache RocketMQ servers vulnerable to RCE attacks
Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582.
Apache released a fix that was incomplete for the NameServer component in RocketMQ and continued to affect versions 5.1 and older of the distributed messaging and streaming platform.
"The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1," reads a warning from Rongtong Jin, a member of the Apache RocketMQ Project Management Committee.
Hackers started targeting vulnerable Apache RocketMQ systems since at least August 2023, when a new version of the DreamBus botnet was observed leveraging an CVE-2023-33246 exploit to drop XMRig Monero miners on vulnerable servers.
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
News URL
Related news
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Apache fixes remote code execution bypass in Tomcat web server (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-12 | CVE-2023-37582 | Unspecified vulnerability in Apache Rocketmq The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. | 9.8 |
| 2023-05-24 | CVE-2023-33246 | Unspecified vulnerability in Apache Rocketmq For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. | 9.8 |