资产安全
商业安全
安全服务
返回- 发布日期2021-01-28
- 感知时间2021-01-28
- 漏洞类型安全更新
- 风险等级未知
- 更新版本 5.x
- 情报贡献TSRC
ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind
ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind (CVE-2021-26117)<br/>PRODUCT AFFECTED:<br/>This issue affects Apache ActiveMQ Apache ActiveMQ, Apache ActiveMQ Artemis.<br/><br/>PROBLEM:<br/>The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.<br/><br/>This issue has been assigned CVE-2021-26117.<br/><br/>This issue is being tracked as https://issues.apache.org/jira/browse/ARTEMIS-2895 and https://issues.apache.org/jira/browse/AMQ-8035.<br/><br/>MODIFICATION HISTORY:<br/>: Initial Publication.<br/>RELATED LINKS:<br/>CVE-2021-26117 at cve.mitre.org<br/>ACKNOWLEDGEMENTS:<br/>Apache ActiveMQ would like to thank Gregor Tudan for reporting this issue.<br/>
Apache ActiveMQ是Apache软件基金会所研发的开放源代码消息中间件;由于ActiveMQ是一个纯Java程序,因此只需要操作系统支持Java虚拟机,ActiveMQ便可执行。
<p><a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26117">CVE-2021-26117</a></p>
暂无
暂无
http://activemq.apache.org/security-advisories.data/CVE-2021-26117-announcement.txt
微信扫码关注公众号
