CVE

Id
93317  
CVE No.
CVE-2016-6497  
Status
Candidate  
Description
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.  
Phase
Assigned (20160801)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
793423 93317 CVE-2016-6497 MLIST:[directory-users] 20161029 Security vulnerability in Groovy LDAP API  View
793424 93317 CVE-2016-6497 URL:https://mail-archives.apache.org/mod_mbox/directory-users/201610.mbox/%3Cb7d7e909-a8ed-1ab4-c853-4078c1e7624a%40stefan-seelmann.de%3E  View
793425 93317 CVE-2016-6497 MISC:https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf  View
793426 93317 CVE-2016-6497 CONFIRM:http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.java?r1=1765362&r2=1765361&pathrev=1765362&view=patch  View
793427 93317 CVE-2016-6497 BID:95929  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
226 JVNDB-2016-000245 Apache ActiveMQ におけるクロスサイトスクリプティングの脆弱性 Apache Software Foundation が提供する Apache ActiveMQ は、Java Message Service を実装したオープンソースのミドルウェアです。Apache ActiveMQ には、格納型のクロスサイトスクリプティング (CWE-79) の脆弱性が存在します。 CVE-2016-6810 93317 4 4.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000245.html  View