Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache ActiveMQ 授权问题漏洞
Vulnerability Description
Apache ActiveMQ是美国阿帕奇(Apache)基金会的一套开源的消息中间件,它支持Java消息服务、集群、Spring Framework等。 Apache ActiveMQ 5.10.1之前5.x版本存在授权问题漏洞。远程攻击者可通过使用空密码和有效的用户名登陆利用该漏洞绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A