Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks


In the latest intrusion set observed by Trustwave, susceptible instances have been targeted by JSP-based web shells that are planted within the “admin” folder of the ActiveMQ installation directory.

The web shell, named Godzilla, is a functionality-rich backdoor capable of parsing inbound HTTP POST requests, executing the content, and returning the results in the form of an HTTP response.

Users of Apache ActiveMQ are highly recommended to update to the latest version as soon as possible to mitigate potential threats.

Read More…