Description
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was set up made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).
References
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: Version before 1.0.2 (exclusive)
cpe:2.3:a:apache:directory_ldap_api:*:*:*:*:*:*:*:*
EPSS: 0.02662 (Low), percentile: 85%
CVSS3: 9.8 Critical
CVSS2: 5 Medium
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 9.8
github
about 7 years ago
Credential leak in org.apache.directory.api:apache-ldap-api