漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind
Vulnerability Description
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Apache ActiveMQ 授权问题漏洞
Vulnerability Description
Apache ActiveMQ是美国阿帕奇(Apache)基金会的一套开源的消息中间件,它支持Java消息服务、集群、Spring Framework等。 Apache ActiveMQ LDAP login module 存在授权问题漏洞,该漏洞源于匿名上下文用于验证错误的有效用户密码,导致不检查密码。以下产品及版本受到影响:Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16
CVSS Information
N/A
Vulnerability Type
N/A