Description
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
A flaw was found in Groovy LDAP. The API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging the returnObjFlag setting. The highest threat from this vulnerability is to data integrity.
Report
The vulnerable class, LDAP, is not found in OpenShift Container Platform's distribution of ElasticSearch. Groovy as shipped in Red Hat Enterprise Linux 7 does not embed the LDAP class, and thus is not affected by this vulnerability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | groovy | Not affected | ||
| Red Hat Fuse 7 | camel | Not affected | ||
| Red Hat JBoss BRMS 5 | groovy | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | groovy | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 5 | groovy | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 6 | groovy | Out of support scope | ||
| Red Hat JBoss Fuse 6 | camel | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | camel | Out of support scope | ||
| Red Hat JBoss Operations Network 3 | groovy | Out of support scope | ||
| Red Hat JBoss SOA Platform 5 | groovy | Out of support scope | ||
Additional information
Status:
EPSS
CVSS3: 7.5 High