The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
2015-08-24T14:59:13.213
2025-04-12T10:46:40.837
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | fedoraproject | fedora | 22 | Yes |
| Operating System | fedoraproject | fedora | 23 | Yes |
| Application | apache | activemq | 5.0.0 | Yes |
| Application | apache | activemq | 5.1.0 | Yes |
| Application | apache | activemq | 5.2.0 | Yes |
| Application | apache | activemq | 5.3.0 | Yes |
| Application | apache | activemq | 5.3.1 | Yes |
| Application | apache | activemq | 5.3.2 | Yes |
| Application | apache | activemq | 5.4.0 | Yes |
| Application | apache | activemq | 5.4.1 | Yes |
| Application | apache | activemq | 5.4.2 | Yes |
| Application | apache | activemq | 5.4.3 | Yes |
| Application | apache | activemq | 5.5.0 | Yes |
| Application | apache | activemq | 5.5.1 | Yes |
| Application | apache | activemq | 5.6.0 | Yes |
| Application | apache | activemq | 5.7.0 | Yes |
| Application | apache | activemq | 5.8.0 | Yes |
| Application | apache | activemq | 5.9.0 | Yes |
| Application | apache | activemq | 5.9.1 | Yes |
| Application | apache | activemq | 5.10.0 | Yes |