Add additional port 6835/tcp to Apache ActiveMQ OpenWire Transport detection

[ret2src]

PR Information

This PR adds port 6835/tcp to the detection of Apache ActiveMQ OpenWire Transport services.
Additionally, it improves the regex to use an arbitrary number of whitespace characters between ProviderVersion and the version number. (Update: I've reverted this optimization, connecting to an actual ActiveMQ port showed that we indeed have to match three bytes \t\x00\x06).

Typically, the service runs on port 61616/tcp. However, during three independent penetration tests I've seen the service run on 6835/tcp, over which I was able to successfully exploit CVE-2023-46604.

This PR assumes that PR #4401 works as intended.

Template Validation

I've validated this template locally?

• YES
• NO

Using a mock service (since I currently don't have access to an ActiveMQ instance), the detection seems to work as intended:

Update: I've verified this template with ActiveMQ 5.15.6:

Additional Details

I've observed the following patterns during my penetration tests:

$ telnet 192.0.2.3 6835
Trying 192.0.2.3...
Connected to 192.0.2.3.
Escape character is '^]'.
;ActiveMQ
         )
          TcpNoDelayEnabledSizePrefixDisabled	CacheSize
                                                         ProviderName	ActiveMQStackTraceEnabledPlatformDetails	Java
                                                                                                                    CacheEnabledTightEncodingEnabled
                               MaxFrameSize����MaxInactivityDurationu0 MaxInactivityDurationInitalDelay'ProviderVersion	5.15.6