Improper Input Validation in Apache ActiveMQ

GHSA-23cr-5hr4-rgwv · CVE-2015-6524

Published May 17, 2022 · Modified Dec 7, 2024

Description

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-6524
WEB https://github.com/apache/activemq/commit/22f2f3dde757d31307da772d579815c1d169bc39
WEB https://github.com/apache/activemq
WEB http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
WEB http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html
WEB http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes