Moderate severityNVD Advisory· Published Aug 24, 2015· Updated Jun 17, 2026
CVE-2015-6524
CVE-2015-6524
Description
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.activemq:activemq-brokerMaven | >= 5.0.0, < 5.10.2 | 5.10.2 |
org.apache.activemq:activemq-jaasMaven | >= 5.0.0, < 5.10.2 | 5.10.2 |
Affected products
22cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.9.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- ghsa-coords2 versions
>= 5.0.0, < 5.10.2+ 1 more
- (no CPE)range: >= 5.0.0, < 5.10.2
- (no CPE)range: >= 5.0.0, < 5.10.2
Patches
Vulnerability mechanics
References
6- activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txtnvdVendor AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.htmlnvdThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.htmlnvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-23cr-5hr4-rgwvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-6524ghsaADVISORY
- github.com/apache/activemq/commit/22f2f3dde757d31307da772d579815c1d169bc39ghsaWEB
News mentions
0No linked articles in our index yet.