Open Nav
Sign Up

Alert: Apache ActiveMQ Flaw Exploited in Godzilla Web Shell Attacks (CVE-2023-46604)

Bar Refael

January 23, 2024

Vulnerability Summary:

  • Affected Software: Apache ActiveMQ
  • Vulnerability ID: CVE-2023-46604 (CVSS Score: 10.0)
  • Type of Vulnerability: Remote Code Execution (RCE)
  • Current Threat: Active exploitation by multiple adversaries

Details of the Threat:

Cybersecurity researchers have detected a significant surge in cybercriminal activities exploiting a critical vulnerability in Apache ActiveMQ. The flaw, identified as CVE-2023-46604, is being used to deploy the Godzilla web shell on compromised hosts. This severe RCE vulnerability, disclosed in late October 2023, has been a vector for various malicious activities, including ransomware, rootkits, cryptocurrency mining, and DDoS botnet deployment.

Characteristics of the Godzilla Web Shell:

  • Concealment: The web shells are hidden within an unknown binary format, making them hard to detect by conventional security and signature-based scanners.
  • Execution Mechanism: Despite the unusual file format, ActiveMQ’s JSP engine still compiles and executes the web shell.
  • Capabilities: The Godzilla web shell is a sophisticated backdoor, capable of parsing inbound HTTP POST requests, executing content, and sending responses via HTTP. It enables threat actors to perform a wide range of actions, such as executing shell commands, viewing network information, and managing files on the compromised host.

Attack Methodology:

  • The web shell code is planted within the “admin” folder of ActiveMQ’s installation directory.
  • It’s converted into Java code for execution by the Jetty Servlet Engine.
  • Attackers can connect to the compromised system using the Godzilla management user interface, gaining full control over the host.

Urgent Recommendations for Clients:

  • Update Immediately: Users of Apache ActiveMQ should update to the latest version without delay to prevent exploitation.
  • Enhanced Monitoring: Vigilantly monitor network traffic and system logs for any signs of compromise or unusual activity.
  • Security Review: Conduct a thorough security review of systems using Apache ActiveMQ, especially focusing on the admin folder and any unusual binary files.
  • Incident Response Plan: Ensure that your incident response plan is up-to-date and ready to be executed in the event of a breach.

Closing Note:

Given the severity and sophistication of this threat, it’s crucial for organizations using Apache ActiveMQ to take immediate and effective action to secure their systems. [Your Company’s Name] is dedicated to assisting our clients in responding to these cybersecurity challenges and ensuring the protection of their digital infrastructure

Stay safe and informed,

OP Innovate.

Resources highlights

High-Severity WordPress Vulnerability in Forminator Plugin (CVE-2025-6463)

A critical vulnerability in the Forminator plugin, one of the most popular form-building plugins in Wordpress, allows unauthenticated attackers to delete arbitrary files on the…

Read more >

CVE-2025-6463

CVE-2025-6554: Chrome V8 Zero-Day Exploited in the Wild

On June 30, 2025, Google issued an emergency patch for a critical zero-day vulnerability in its Chrome browser, tracked as CVE-2025-6554. The flaw resides in…

Read more >

CVE-2025-6554

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

On June 25, 2025, Cisco disclosed and patched two critical remote code execution (RCE) vulnerabilities: CVE-2025-20281 and CVE-2025-20282, affecting its widely deployed Identity Services Engine…

Read more >

CVE-2025-20281 & CVE-2025-20282

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

On June 25, 2025, CISA added CVE‑2024‑54085, a critical authentication bypass vulnerability in the MegaRAC SPx Baseboard Management Controller (BMC) firmware, to its Known Exploited…

Read more >

CVE-2024-54085

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls The UK’s National Cyber Security Centre (NCSC) has issued an alert regarding a sophisticated malware campaign dubbed “UMBRELLA…

Read more >

umbrella stand fortinet

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

A critical local privilege escalation vulnerability in the Notepad++ v8.8.1 installer allows attackers to escalate to NT AUTHORITY\SYSTEM using binary planting techniques. Tracked as CVE-2025-49144,…

Read more >

CVE-2025-49144
Under Cyber Attack?

Fill out the form and we will contact you immediately.