"ET INFO Apache ActiveMQ Instance - Vulnerable to CVE-2023-46604 - Local Instance"

SID: 2049009

Revision: 2

Class Type: misc-activity

Metadata: attack_target Server, created_at 2023_11_01, cve CVE_2023_46604, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Informational, updated_at 2023_11_03, reviewed_at 2023_11_03

Reference:

  • cve, 2023-46604

Protocol: tcp

Source Network: $HOME_NET

Source Port: any

Destination Network: any

Destination Port: any

Flow: established,to_client

Contents:

  • Value: "|01|ActiveMQ" Depth: 9 Offset: 4

  • Value: "ProviderVersion"

  • Value: "5." Within: 2

PCRE: "/^(?:1(?:(?:4.[012345]|[02].[012]|3.[01234]|1.[0123])|5.(?:[023456789]|1[012345])|6.[0123456]|7.[012345]|8.[012]|.0)|[02678].0|4.[0123]|3.[012]|5.[01]|9.[01])/R"

Special Options:

  • fast_pattern
