CVE-2015-6524
Apache ActiveMQ 5.x < 5.10.1 - Credential Exposure via LDAPLoginModule Wildcard Username
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
References (3)
Core References
Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html
Vendor Advisory (x_refsource_confirm): http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html
Scores
EPSS: 0.0117
EPSS Percentile: 78.9%
Details
CWE: CWE-255
Status: published
Products (22)
apache/activemq 5.0.0
apache/activemq 5.1.0
apache/activemq 5.2.0
apache/activemq 5.3.0
apache/activemq 5.3.1
apache/activemq 5.3.2
apache/activemq 5.4.0
apache/activemq 5.4.1
apache/activemq 5.4.2
apache/activemq 5.4.3
... and 12 more
Published: Aug 24, 2015
Tracked Since: Feb 18, 2026