Jolokia

Apache ActiveMQ Jolokia Remote Code Execution Vulnerability (CVE-2022-41678) Notification

November 30, 2023

Overview: Recently, NSFOCUS CERT found a remote code execution vulnerability in Apache ActiveMQ Jolokia (CVE-2022-41678). In the ActiveMQ configuration, Jetty allows org.jolokia.http.AgentServlet to process requests for /api/jolokia. An authenticated attacker can send a specially crafted HTTP request to write a malicious file through the Jolokia service, thereby achieving remote code execution. At present, the vulnerability […]
