CVE-2015-6524: Improper Input Validation in Apache ActiveMQ
(updated )
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
References
- activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
- lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html
- lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html
- github.com/advisories/GHSA-23cr-5hr4-rgwv
- github.com/apache/activemq/commit/22f2f3dde757d31307da772d579815c1d169bc39
- nvd.nist.gov/vuln/detail/CVE-2015-6524
Detect and mitigate CVE-2015-6524 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →