Share
## https://sploitus.com/exploit?id=40B87F16-53BE-508A-A2F2-0299B19108E4
# Project-Vuln-Detection-N-Mitigation_101

### Apache ActiveMQ Deserialization RCE (CVE-2023-46604) – Phase 2 Project
> **Security Architectures & Systems Administration**

> **Author:** *[Vaishnavu C V]* · **Date:** *17 Sep 2025*

> **Status:** ⌀ Phase 2 deliverables complete

---

## Overview

This repository documents a hands‑on security design project focused on **CVE‑2023‑46604** in **Apache ActiveMQ (Classic)**. It includes a clear explanation of the vulnerability, deep‑dive technical notes, impact assessment, affected systems, **detection** and **mitigation** designs, and a consolidated design report suitable for university submission.

---

## Quick Links

* →→ **Phase 2 Design Report (single file)** → [`phase_2_design_report.md`](./phase_2_design_report.md)
* →→ **All Sections (modular):**

  * Introduction → [`phase_2_intro.md`](./phase_2_intro.md)
  * Vulnerability Explanation → [`phase_2_vulnerability_explanation.md`](./phase_2_vulnerability_explanation.md)
  * Technical Detail → [`phase_2_technical_detail.md`](./phase_2_technical_detail.md)
  * Impact → [`phase_2_impact.md`](./phase_2_impact.md)
  * Affected Systems → [`phase_2_affected_systems.md`](./phase_2_affected_systems.md)
  * Detection Design → [`phase_2_detection_design.md`](./phase_2_detection_design.md)
  * Mitigation Design → [`phase_2_mitigation_design.md`](./phase_2_mitigation_design.md)
  * Conclusion → [`phase_2_conclusion.md`](./phase_2_conclusion.md)
  * References → [`phase_2_references.md`](./phase_2_references.md)

---

## Repository Structure

```
.
├── phase_2_design_report.md
├── phase_2_intro.md
├── phase_2_vulnerability_explanation.md
├── phase_2_technical_detail.md
├── phase_2_impact.md
├── phase_2_affected_systems.md
├── phase_2_detection_design.md
├── phase_2_mitigation_design.md
├── phase_2_conclusion.md
└── phase_2_references.md
```

```mermaid
flowchart LR
  A[Internet attacker] -->|OpenWire 61616malicious serialized payload| B[(ActiveMQ Broker)]
  A -->|Scanning and recon| F[Firewall and ACLs]
  F --> B

  B -->|Traffic mirror or syslog| C[IDS or IPS Suricata Snort]
  B -->|Conn logs| D[Zeek anomaly logs]
  B -->|App logs| E[ActiveMQ logs]

  C -->|Alert| J[(SIEM)]
  D -->|Alert| J
  E -->|Alert| J
  J -->|Correlation and auto action| G[Fail2ban auto ban]
  G -. block .- F

  H[Container sandbox non root AppArmor] --- B
  I[Protocol restriction disable OpenWire] --- B

  classDef detect fill:#eef7ff,stroke:#82b1ff,color:#0a3d62;
  classDef ctrl fill:#eefbee,stroke:#6bbf59,color:#0a3d62;
  classDef siem fill:#fff7e6,stroke:#f5a623,color:#6b3e00;

  class C,D,E detect;
  class F,G,H,I ctrl;
  class J siem;
```

---

## How to Use This Repo

1. **Read the Single‑File Report:** If you’re reviewing for assessment, start with [`phase_2_design_report.md`](./phase_2_design_report.md).
2. **Deep‑dive by Section:** Use the modular files listed above to review specific parts (e.g., directly jump to Detection or Mitigation).
3. **Recreate the Lab (Optional):**

   * Use a **segmented test network** and an **isolated VM/container** for any proof‑of‑concept experiments.
   * Block or strictly restrict **TCP/61616** externally.
   * Prefer patched ActiveMQ versions for production; keep vulnerable versions **air‑gapped** for research only.

> →→ **Safety Note:** Any exploitation steps must be performed **only in a lawful, controlled lab**, never on production or systems you do not own/operate.

---

## Grading Alignment

* **Vulnerability Explanation (4 marks)** → `phase_2_vulnerability_explanation.md`
* **Detection + Mitigation Design (6 marks)** → `phase_2_detection_design.md` and `phase_2_mitigation_design.md`
* **Criteria (applicability, practicality, originality, feasibility, clarity)** are addressed via:

  * Clear network/app‑level detection paths, example IDS/Zeek/SIEM workflows.
  * Practical firewall, protocol, container, and auto‑ban controls for real deployments.
  * Original correlation ideas and mock artifacts for incident response.

---

## Getting Started (Lab‑safe checklist)

* **Network:** Dedicated VLAN/subnet; restrict east‑west traffic.
* **Host:** Linux VM with container runtime.
* **Logging:** Forward ActiveMQ/host/network logs to your SIEM/ELK.
* **Controls:** Prepare fail2ban, ACL rules, and container profiles before testing.

---

## License

This educational content is provided for academic, non‑commercial use. Follow your institution’s policies and local laws.

---