ghsa-chj8-5xgw-wcvj
Vulnerability from github
Published
2019-01-07 19:14
Modified
2021-09-09 18:04
Severity
Summary
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf
Details
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.karaf:apache-karaf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-8750"
],
"database_specific": {
"cwe_ids": [
"CWE-90"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:31:46Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.",
"id": "GHSA-chj8-5xgw-wcvj",
"modified": "2021-09-09T18:04:45Z",
"published": "2019-01-07T19:14:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8750"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:1322"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-chj8-5xgw-wcvj"
},
{
"type": "WEB",
"url": "https://karaf.apache.org/security/cve-2016-8750.txt"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103098"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Moderate severity vulnerability that affects org.apache.karaf:apache-karaf"
}
Loading...