CVE-2015-6524
Low
CVSS Score
Vulnerability Description
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
Known Affected Software
20 configuration(s) from 2 vendor(s)
- activemq, version 5.4.2, CPE: cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
- activemq, version 5.3.0, CPE: cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
- activemq, version 5.4.3, CPE: cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
- activemq, version 5.0.0, CPE: cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
- activemq, version 5.3.2, CPE: cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
- activemq, version 5.9.0, CPE: cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*
- activemq, version 5.8.0, CPE: cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*
- activemq, version 5.10.0, CPE: cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*
- activemq, version 5.4.1, CPE: cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
- activemq, version 5.2.0, CPE: cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
- activemq, version 5.3.1, CPE: cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
- activemq, version 5.7.0, CPE: cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
- activemq, version 5.9.1, CPE: cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*
- activemq, version 5.1.0, CPE: cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
- activemq, version 5.5.1, CPE: cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
- activemq, version 5.5.0, CPE: cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
- activemq, version 5.4.0, CPE: cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
- activemq, version 5.6.0, CPE: cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
- fedora, version 22, CPE: cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- fedora, version 23, CPE: cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
This vulnerability affects 20 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt (source: cve@mitre.org, Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html (source: cve@mitre.org, Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html (source: cve@mitre.org, Third Party Advisory)
- http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt (source: af854a3a-2127-422b-91ae-364da2661108, Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html (source: af854a3a-2127-422b-91ae-364da2661108, Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html (source: af854a3a-2127-422b-91ae-364da2661108, Third Party Advisory)
Severity Details
out of 10.0
Low
Key Information
- Published Date: August 24, 2015
