CVE-2016-8750

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Karaf
Vendor: CVE Published:; 19 February 2018

Summary

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.

Affected Version(s)

Apache Karaf prior to 4.0.8

References

https://access.redhat.com/errata/RHSA-2018:1322

vendor-advisoryx_refsource_REDHAT

https://karaf.apache.org/security/cve-2016-8750.txt

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103098

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 19, 2018
Vulnerability Reserved
Oct 18, 2016