Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-6426

Опубликовано: 01 янв. 2013
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:lemonldap-ng:lemonldap\:\::0.6:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::0.7:beta:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::0.8:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::0.9:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::1.0:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\::1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:*:*:*:*:*:*:*:*
Версия до 1.2.2 (включая)
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:lemonldap-ng:lemonldap\:\:ng:1.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 48%
0.00254
Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2012-6426

ubuntu
около 13 лет назад

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

debian логотип

CVE-2012-6426

debian
около 13 лет назад

LemonLDAP::NG before 1.2.3 does not use the signature-verification cap ...

github логотип

GHSA-9q8m-r734-6gg5

github
больше 3 лет назад

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

EPSS

Процентиль: 48%
0.00254
Низкий

7.5 High

CVSS2

Дефекты

CWE-264