LDAP Injection Vulnerability in Apache Karaf by Apache Software Foundation
CVE-2016-8750

6.5MEDIUM

Key Information:

Vendor
Apache
Status
Apache Karaf
Vendor
CVE Published:
19 February 2018

Summary

Apache Karaf, prior to version 4.0.8, exposed a significant security flaw in its LDAPLoginModule that improperly handled user authentication via LDAP. This oversight allowed attackers to exploit the system through LDAP injection attacks, potentially leading to a denial of service. Organizations utilizing this version are urged to implement necessary patches to mitigate exposure to this vulnerability.

Affected Version(s)

Apache Karaf prior to 4.0.8

References

https://access.redhat.com/errata/RHSA-2018:1322
vendor-advisoryx_refsource_REDHAT
https://karaf.apache.org/security/cve-2016-8750.txt
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103098
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.