The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x prior to 5.10.1 allows wildcard operators in usernames, which allows remote malicious users to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
fedoraproject fedora 22 |
||
fedoraproject fedora 23 |
||
apache activemq 5.0.0 |
||
apache activemq 5.4.0 |
||
apache activemq 5.4.2 |
||
apache activemq 5.7.0 |
||
apache activemq 5.9.0 |
||
apache activemq 5.4.3 |
||
apache activemq 5.5.0 |
||
apache activemq 5.5.1 |
||
apache activemq 5.6.0 |
||
apache activemq 5.10.0 |
||
apache activemq 5.2.0 |
||
apache activemq 5.3.0 |
||
apache activemq 5.3.1 |
||
apache activemq 5.1.0 |
||
apache activemq 5.3.2 |
||
apache activemq 5.4.1 |
||
apache activemq 5.8.0 |
||
apache activemq 5.9.1 |
Vulmon