GHSA-23cr-5hr4-rgwv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-23cr-5hr4-rgwv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-23cr-5hr4-rgwv/GHSA-23cr-5hr4-rgwv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-23cr-5hr4-rgwv
- Aliases
- Published
- 2022-05-17T03:22:06Z
- Modified
- 2024-12-07T05:38:51.799442Z
- Summary
- Improper Input Validation in Apache ActiveMQ
- Details
-
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
- Database specific
{ "nvd_published_at": "2015-08-24T14:59:00Z", "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-07-06T20:11:13Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-6524
- https://github.com/apache/activemq/commit/22f2f3dde757d31307da772d579815c1d169bc39
- https://github.com/apache/activemq
- http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html
Affected packages
Maven / org.apache.activemq:activemq-broker
Package
- Name
- org.apache.activemq:activemq-broker
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.activemq/activemq-broker
Maven / org.apache.activemq:activemq-jaas
Package
- Name
- org.apache.activemq:activemq-jaas
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.activemq/activemq-jaas