The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
References
Link | Resource |
---|---|
http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt | Vendor Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html | Third Party Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html | Third Party Advisory |
http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt | Vendor Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html | Third Party Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 02:35
Type | Values Removed | Values Added |
---|---|---|
References | () http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt - Vendor Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html - Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html - Third Party Advisory |
Information
Published : 2015-08-24 14:59
Updated : 2024-11-21 02:35
NVD link : CVE-2015-6524
Mitre link : CVE-2015-6524
CVE.ORG link : CVE-2015-6524
JSON object : View
Products Affected
apache
- activemq
fedoraproject
- fedora
CWE
CWE-255
Credentials Management Errors