ActiveMQ STOMP Protocol Unsafe Deserialization Exploit

JMS Object messages within Apache ActiveMQ depend on Java Serialization for marshaling/unmashaling of the message payload. This lead to execution of untrusted code when a specially crafted object is received. This update introduces an exploit that will attempt to connect using the STOMP protocol and abuse the vulnerability to execute a Core Impact agent in the vulnerable system.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2015-5254
Product Version: 
2016_R1
Released Date: 
Thursday, September 1, 2016 - 00:00