ID CVE-2016-6497
Summary main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:groovy_ldap:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 28-05-2020 - 15:59)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 95929
confirm http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.java?r1=1765362&r2=1765361&pathrev=1765362&view=patch
misc
mlist [directory-users] 20161029 Security vulnerability in Groovy LDAP API
Last major update 28-05-2020 - 15:59
Published 18-01-2017 - 22:59
Last modified 28-05-2020 - 15:59