ActiveMQ STOMP Protocol Unsafe Deserialization Exploit

JMS Object messages within Apache ActiveMQ depend on Java Serialization for marshaling/unmashaling of the message payload. This lead to execution of untrusted code when a specially crafted object is received. This update introduces an exploit that will attempt to connect using the STOMP protocol and abuse the vulnerability to execute a Core Impact agent in the vulnerable system.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2015-5254
Product Version: 
37
Released Date: 
Wednesday, August 31, 2016 - 19:00