CVE-2015-6524 – org.apache.activemq:activemq-jaas
Package
Manager: maven
Name: org.apache.activemq:activemq-jaas
Vulnerable Version: >=5.0.0 <5.10.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00661 (percentile: 0.70244)
Details
Improper Input Validation in Apache ActiveMQ

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
Metadata
Created: 2022-05-17T03:22:06Z
Modified: 2023-12-20T19:15:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-23cr-5hr4-rgwv/GHSA-23cr-5hr4-rgwv.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-23cr-5hr4-rgwv
Finding: F184
Auto approve: 1