Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache ActiveMQ Java Authentication and Authorization Service 信任管理漏洞
Vulnerability Description
Apache ActiveMQ是美国阿帕奇(Apache)软件基金会的一套开源的消息中间件,它支持Java消息服务、集群、Spring Framework等。 Apache ActiveMQ 5.10.1之前5.x版本的Java Authentication and Authorization Service(JAAS)中的LDAPLoginModule实现过程中存在安全漏洞,该漏洞源于程序允许用户名中存在通配符。远程攻击者可通过实施暴力破解攻击利用该漏洞获取证书。
CVSS Information
N/A
Vulnerability Type
N/A