漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker
Vulnerability Description
Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used to fetch an attacker URL and spawn a second BrokerService inside the same JVM. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7 or 5.19.8, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Apache ActiveMQ 输入验证错误漏洞
Vulnerability Description
Apache ActiveMQ是Apache基金会的一款消息队列中间件。 Apache ActiveMQ存在输入验证错误漏洞,该漏洞源于输入验证不当,可能导致能够发布或修改LDAP条目的攻击者在代理JVM内部实例化被拒绝的传输,用于获取攻击者URL并在同一JVM中生成第二个BrokerService。
CVSS Information
N/A
Vulnerability Type
N/A