5

CVE-2015-6524

EPSS 0.66%
Published 24.08.2015 14:59:13
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Version22

Fedoraproject ≫ Fedora Version23

Apache ≫ Activemq Version5.0.0

Apache ≫ Activemq Version5.1.0

Apache ≫ Activemq Version5.2.0

Apache ≫ Activemq Version5.3.0

Apache ≫ Activemq Version5.3.1

Apache ≫ Activemq Version5.3.2

Apache ≫ Activemq Version5.4.0

Apache ≫ Activemq Version5.4.1

Apache ≫ Activemq Version5.4.2

Apache ≫ Activemq Version5.4.3

Apache ≫ Activemq Version5.5.0

Apache ≫ Activemq Version5.5.1

Apache ≫ Activemq Version5.6.0

Apache ≫ Activemq Version5.7.0

Apache ≫ Activemq Version5.8.0

Apache ≫ Activemq Version5.9.0

Apache ≫ Activemq Version5.9.1

Apache ≫ Activemq Version5.10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.66%	0.702

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-6524

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-6524

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-6524

EUVD