CVE-2015-6524
EPSS 1.2%Improper Input Validation in Apache ActiveMQ
發布日:2022/5/17修改日:2026/4/28
描述
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
受影響套件(3)
- Debian/activemqfrom 0, < 5.6.0+dfsg1-4
- Maven/org.apache.activemq:activemq-broker>= 5.0.0, < 5.10.2
- Maven/org.apache.activemq:activemq-jaas>= 5.0.0, < 5.10.2
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-6524
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-6524
- WEBhttp://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
- WEBhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html
- WEBhttp://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html
- WEBhttps://github.com/apache/activemq
- WEBhttps://github.com/apache/activemq/commit/22f2f3dde757d31307da772d579815c1d169bc39