Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yM2NyLTVocjQtcmd3ds4AAchZ
Improper Input Validation in Apache ActiveMQ
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
Permalink: https://github.com/advisories/GHSA-23cr-5hr4-rgwv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yM2NyLTVocjQtcmd3ds4AAchZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 4 months ago
Identifiers: GHSA-23cr-5hr4-rgwv, CVE-2015-6524
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-6524
- http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html
- https://github.com/apache/activemq/commit/22f2f3dde757d31307da772d579815c1d169bc39
- https://github.com/advisories/GHSA-23cr-5hr4-rgwv
Blast Radius: 0.0
Affected Packages
maven:org.apache.activemq:activemq-jaas
Dependent packages: 140
Dependent repositories: 2,128
Downloads:
Affected Version Ranges: >= 5.0.0, <= 5.10.1
Fixed in: 5.10.2
All affected versions: 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.5.0, 5.5.1, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.9.1, 5.10.0, 5.10.1
All unaffected versions: 4.1.1, 4.1.2, 5.10.2, 5.11.0, 5.11.1, 5.11.2, 5.11.3, 5.11.4, 5.12.0, 5.12.1, 5.12.2, 5.12.3, 5.13.0, 5.13.1, 5.13.2, 5.13.3, 5.13.4, 5.13.5, 5.14.0, 5.14.1, 5.14.2, 5.14.3, 5.14.4, 5.14.5, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.15.10, 5.15.11, 5.15.12, 5.15.13, 5.15.14, 5.15.15, 5.15.16, 5.16.0, 5.16.1, 5.16.2, 5.16.3, 5.16.4, 5.16.5, 5.16.6, 5.16.7, 5.17.0, 5.17.1, 5.17.2, 5.17.3, 5.17.4, 5.17.5, 5.17.6, 5.18.0, 5.18.1, 5.18.2, 5.18.3, 5.18.4, 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2
maven:org.apache.activemq:activemq-broker
Dependent packages: 537
Dependent repositories: 7,528
Downloads:
Affected Version Ranges: >= 5.0.0, <= 5.10.1
Fixed in: 5.10.2
All affected versions: 5.8.0, 5.9.0, 5.9.1, 5.10.0, 5.10.1
All unaffected versions: 5.10.2, 5.11.0, 5.11.1, 5.11.2, 5.11.3, 5.11.4, 5.12.0, 5.12.1, 5.12.2, 5.12.3, 5.13.0, 5.13.1, 5.13.2, 5.13.3, 5.13.4, 5.13.5, 5.14.0, 5.14.1, 5.14.2, 5.14.3, 5.14.4, 5.14.5, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.15.8, 5.15.9, 5.15.10, 5.15.11, 5.15.12, 5.15.13, 5.15.14, 5.15.15, 5.15.16, 5.16.0, 5.16.1, 5.16.2, 5.16.3, 5.16.4, 5.16.5, 5.16.6, 5.16.7, 5.17.0, 5.17.1, 5.17.2, 5.17.3, 5.17.4, 5.17.5, 5.17.6, 5.18.0, 5.18.1, 5.18.2, 5.18.3, 5.18.4, 6.0.0, 6.0.1, 6.1.0, 6.1.1, 6.1.2