CVE-2015-6524

Severity

50%

Complexity

99%

Confidentiality

48%

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 9 years ago

2015-08-24 14:59:00

Last updated 8 years ago

2016-12-09 14:29:00

Affected Software

Fedora 22

22

Fedora Project Fedora 23

23

Apache Software Foundation ActiveMQ 5.0.0

5.0.0

Apache Software Foundation ActiveMQ 5.1.0

5.1.0

Apache Software Foundation ActiveMQ 5.2.0

5.2.0

Apache Software Foundation ActiveMQ 5.3.0

5.3.0

Apache Software Foundation ActiveMQ 5.3.1

5.3.1

Apache Software Foundation ActiveMQ 5.3.2

5.3.2

Apache Software Foundation ActiveMQ 5.4.0

5.4.0

Apache Software Foundation ActiveMQ 5.4.1

5.4.1

Apache Software Foundation ActiveMQ 5.4.2

5.4.2

Apache Software Foundation ActiveMQ 5.4.3

5.4.3

Apache Software Foundation ActiveMQ 5.5.0

5.5.0

Apache Software Foundation ActiveMQ 5.5.1

5.5.1

Apache Software Foundation ActiveMQ 5.6.0

5.6.0

Apache Software Foundation ActiveMQ 5.7.0

5.7.0

Apache Software Foundation ActiveMQ 5.8.0

5.8.0

Apache Software Foundation ActiveMQ 5.9.0

5.9.0

Apache Software Foundation ActiveMQ 5.9.1

5.9.1

Apache Software Foundation ActiveMQ 5.10.0

5.10.0

References

http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt

Vendor Advisory

FEDORA-2015-5622085024

Third Party Advisory

FEDORA-2015-701a1e1a5f