Security News > 2024 > January > Hackers target Apache RocketMQ servers vulnerable to RCE attacks
Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582.
Apache released a fix that was incomplete for the NameServer component in RocketMQ and continued to affect versions 5.1 and older of the distributed messaging and streaming platform.
"The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1," reads a warning from Rongtong Jin, a member of the Apache RocketMQ Project Management Committee.
Hackers started targeting vulnerable Apache RocketMQ systems since at least August 2023, when a new version of the DreamBus botnet was observed leveraging an CVE-2023-33246 exploit to drop XMRig Monero miners on vulnerable servers.
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
News URL
Related news
- Samsung MagicINFO 9 Server RCE flaw now exploited in attacks (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- ASUS releases fix for AMI bug that lets hackers brick servers (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Lazarus hackers breach six companies in watering hole attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-12 | CVE-2023-37582 | Unspecified vulnerability in Apache Rocketmq The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. | 9.8 |
| 2023-05-24 | CVE-2023-33246 | Unspecified vulnerability in Apache Rocketmq For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. | 9.8 |