{"vulnerability": "CVE-2023-37582", "sightings": [{"uuid": "0fafb4f3-04d4-4f40-8686-175b816005e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/network/cves/2023/CVE-2023-37582.yaml", "content": "", "creation_timestamp": "2025-10-13T10:36:24.000000Z"}, {"uuid": "cbafa7c5-6d75-4c10-ac40-4932d6041db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1626", "content": "CVE-2023-37582 EXPLOIT\nApache RocketMQ \n*\nFor testing, a RocketMQ environment via Docker is included\n*\nexploit\n*\n#apache #exploit #docker", "creation_timestamp": "2023-07-15T10:35:02.000000Z"}, {"uuid": "2894bdea-80ca-4ccd-b43d-714a73ee848a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "Telegram/rrQgemzze4xJUOHyyN8K0bc2BcTV6JphfrZTGQGNYc8dgw", "content": "", "creation_timestamp": "2023-07-15T14:46:28.000000Z"}, {"uuid": "c274b21a-3d5f-4c98-afe9-9cf62484b7cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3122", "content": "\u200b\u200bGitHub Logs\n\nExtracting #OSINT Insights from 15TB of GitHub Event Logs.\n\nhttps://github.com/trickest/github-logs\n\n#cybersecurity #infosec\n\n\u200b\u200bWeb Hacker's Weapons\n\nA collection of cool tools used by Web 
hackers.\n\nhttps://github.com/hahwul/WebHackersWeapons\n\n#infosec #pentesting #bugbounty\n\n\u200b\u200b\ud83d\udc27 Awesome Linux Rootkits\n\nBest linux rootkits resources.\n\nhttps://github.com/milabs/awesome-linux-rootkits\n\n#infosec #pentesting #redteam\n\nglit\n\nA little #OSINT tool to retrieve all mails of user related to a git repository, a git user or a git organization.\n\nhttps://github.com/shadawck/glit\n\n#cybersecurity #infosec\n\n\u200b\u200bCoWitness\n\nA powerful web application testing tool that enhances the accuracy and efficiency of your testing efforts. It allows you to mimic an HTTP server and a DNS server, providing complete responses and valuable insights during your testing process.\n\nhttps://github.com/stolenusername/cowitness\n\n#cybersecurity #infosec #pentesting\n\n\u200b\u200bLinux Kernel Factory\n\nLinux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore.\n\nhttps://github.com/bsauce/kernel-exploit-factory\n\n#infosec #pentesting #redteam\n\n\u200b\u200bdocleaner\n\nA web service to clean #documents from potentially privacy-invasive #metadata.\n\nhttps://github.com/TUD-CERT/docleaner\n\n\u200b\u200bHadesLdr\n\nShellcode loader implementing indirect dynamic syscall, api hashing, fileless shellcode retrieving using winsock2.\n\n\u2022 Indirect Dynamic Syscall by resolving the SSN and the address pointing to a backed syscall instruction dynamically.\n\u2022 API Hashing by resolving modules & APIs base address from PEB by hashes\n\u2022 Fileless Chunked RC4 Shellcode retrieving using Winsock2\n\nhttps://github.com/CognisysGroup/HadesLdr\n\nDetails:\nhttps://labs.cognisys.group/posts/Combining-Indirect-Dynamic-Syscalls-and-API-Hashing/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bLOLAPPS \n\nKind of like the cousin of LOLBAS and GTFObins. 
Sometimes you might struggle to common binaries to exploit and LOLAPPS is meant to be a supplementary resource for identifying native functionality in applications that can be used to the hacker's advantage, both third-party and from within.\n\nhttps://github.com/LOLAPPS-Project/LOLAPPS\n\nWeb:\nhttps://lolapps-project.github.io/\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-36884\n\nOffice/Windows HTML RCE Vulnerability\n\nhttps://github.com/Maxwitat/CVE-2023-36884-Scripts-for-Intune-Remediation-SCCM-Compliance-Baseline\n\n#cve #cybersecurity #infosec\n\n\u200b\u200bRWXfinder\n\nWindows-specific tool written in C which uses Windows API functions to traverse through directories and look for DLL files with an RWX section in memory.\n\nhttps://github.com/pwnsauc3/RWXFinder\n\n#infosec #pentesting #redteam\n\n\u200b\u200bPlumHound \n\nBloodHoundAD Report Engine for Security Teams\n\nhttps://github.com/PlumHound/PlumHound\n\n#infosec #pentesting #redteam\n\n\u200b\u200bLolDriverScan\n\nA golang tool that allows users to discover vulnerable drivers on their system. This tool fetches the loldriverscan.io list from their APIs and scans the system for any vulnerable drivers This project is implemented in Go and does not require elevated privileges to run.\n\nhttps://github.com/FourCoreLabs/loldriverscan\n\n#cybersecurity #infosec\n\n\u200b\u200bJayFinder\n\nWhether you knew Process Mockingjay since ever or you just got to know it, this tool helps you to find DLLs with RWX section. This is done parsing the PE Section Headers and checking the \"Characteristics\" attribute of each section.\n\nhttps://github.com/oldboy21/JayFinder\n\n#infosec #pentesting #redteam\n\n\u200b\u200bCVE-2023-37582\n\nApache RocketMQ Arbitrary File Write Vulnerability #Exploit.\n\nhttps://github.com/Malayke/CVE-2023-37582_EXPLOIT\n\n#cybersecurity #infosec\n\n\u200b\u200bUDP Protocol Scanner\n\nA tool for identifying UDP services running on remote hosts. 
This tool may be of use to those performing security testing - e.g. during penetration testing, vulnerability assessments or while pivoting.\n\nhttps://github.com/CiscoCXSecurity/udpy_proto_scanner\n\n#cybersecurity #infosec #pentesting\n\nhttps://t.me/dilagrafie\n\n2/2", "creation_timestamp": "2023-07-15T21:16:53.000000Z"}, {"uuid": "560d70a3-f5d0-4750-a9fa-9be9731788b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m3g6ag34p22g", "content": "", "creation_timestamp": "2025-10-17T21:02:24.099528Z"}, {"uuid": "061585cd-b588-4850-9617-82ef2263a2e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4333", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-37582\n\ud83d\udd25 CVSS Score: 9.8 (CVSS_V3)\n\ud83d\udd39 Description: The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. \n\nWhen NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. \n\nIt is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.\n\ud83d\udccf Published: 2023-07-12T12:31:36Z\n\ud83d\udccf Modified: 2025-02-13T19:00:52Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2023-37582\n2. https://github.com/apache/rocketmq\n3. 
https://lists.apache.org/thread/m614czxtpvlztd7mfgcs2xcsg36rdbnc\n4. http://www.openwall.com/lists/oss-security/2023/07/12/1", "creation_timestamp": "2025-02-13T19:21:34.000000Z"}, {"uuid": "31a85562-a13b-4196-b1eb-196e6b389d4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "exploited", "source": "https://t.me/BleepingComputer/19173", "content": "\u200aHackers target Apache RocketMQ servers vulnerable to RCE attacks\n\nSecurity researchers are detecting hundreds of IP addresses on a daily basis that scan\u00a0or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as\u00a0CVE-2023-33246 and\u00a0CVE-2023-37582. [...]\n\nhttps://www.bleepingcomputer.com/news/security/hackers-target-apache-rocketmq-servers-vulnerable-to-rce-attacks/", "creation_timestamp": "2024-01-05T18:42:26.000000Z"}, {"uuid": "b8d0088d-9371-4c5f-b133-59177944deb1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/purple_medved/65", "content": "Today we talk about another high-severity RCE vulnerability, CVE-2023-37582, in the NameServer architectural component of Apache RocketMQ.\n\nApache RocketMQ is an open-source implementation of a distributed messaging and streaming platform from Alibaba that provides extremely low latency, high availability and large message capacity.\n\nEssentially, this new vulnerability arises as a consequence of bypassing the patch for CVE-2023-33246 in the NameServer component implementation, which allowed writing an arbitrary file using the configuration update functionality on port tcp/9876 for the Broker component.\n\nThe POC below simply saves an arbitrary file into a directory as a visual demonstration: \nbody = 'configStorePath=/tmp/pwned\\nproductEnvName=test/path\\\\ntest\\\\ntest'.encode('utf-8') \nTo obtain a working RCE, the payload can be changed, for example to upload a private ssh key for the user RocketMQ runs as into the corresponding directory on the server.\n\n\ud83e\udeb2Vulnerable software versions: Apache RocketMQ up to 4.9.6, 5.0.0-5.1.1\n\u2699\ufe0fPOC: https://github.com/Malayke/CVE-2023-37582_EXPLOIT\n\u2705 Recommendations: The patch is already available, you need to update to version 5.1.11\n\n#CVE-2023-37582 #RCE #RocketMQ", "creation_timestamp": "2023-07-18T09:39:03.000000Z"}, {"uuid": "8b1ef9ad-bf67-4d20-9522-5d326f28f190", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3898", "content": "\u2623\ufe0f\u2b50Nvidia Corporation Leak : https://system32.ink/nvidia-corporation-leak/\n\n\ud83d\udc7e\ud83d\udd30Rheinmetall Defence Leak : https://system32.ink/rheinmetall-defence-leak/\n\n\ud83c\udf2a\ufe0f\ud83d\udca9FA station Thailand Leak : https://system32.ink/fa-station-thailand-leak/\n\n\ud83d\udca5\u2623\ufe0fInvicti Enterprise 23.1 : https://system32.ink/invicti-enterprise-23.1-download-free/\n\n\u2623\ufe0f\ud83c\udf2a\ufe0fCVE-2023-37582 EXPLOIT Apache RocketMQ : https://system32.ink/cve-2023-37582-exploit-apache-rocketmq/\n\n@Crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-15T14:45:28.000000Z"}, {"uuid": "550fefcf-fd60-4fee-bbca-7bb307d1cc7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "seen", "source": "https://t.me/cibsecurity/66532", "content": "\u203c CVE-2023-37582 \u203c\n\nThe RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. 
When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-15T16:57:00.000000Z"}, {"uuid": "d9dd2fe3-7197-4aaf-8765-25c1060ea449", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37582", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8677", "content": "#exploit\n1. CVE-2023-37582:\nApache RocketMQ Arbitrary File Write Vulnerability\nhttps://github.com/Malayke/CVE-2023-37582_EXPLOIT\n\n2. CVE-2023-23397:\nMS Outlook Privilege Escalation\nhttps://github.com/Muhammad-Ali007/OutlookNTLM_CVE-2023-23397\n]-> https://github.com/tiepologian/CVE-2023-23397\n\n3. CVE-2023-20110:\nCisco Smart Software Manager On-Prem SQL Injection Vulnerability\nhttps://github.com/redfr0g/CVE-2023-20110", "creation_timestamp": "2024-03-18T01:57:48.000000Z"}]}