Red Hat Bugzilla – Bug 1257246
CVE-2015-6524 activemq: LDAPLoginModule implementation allows wildcard operators in usernames
Last modified: 2018-05-10 14:15:31 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2015-6524 to the following vulnerability:
The LDAPLoginModule implementation the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack.
Created activemq tracking bugs for this issue:
Affects: fedora-all [bug 1257248]
activemq-5.6.0-12.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
activemq-5.6.0-12.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.