Lucene search

MitreCVE-2003-1434

HistoryOct 23, 2007 - 1:00 a.m.

CVE-2003-1434

2007-10-2301:00:00

CWE-287

mitre

web.nvd.nist.gov

cve-2003-1434

login_ldap

remote attackers

unauthenticated bind

security vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.011

Percentile

84.6%

JSON

login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.

Affected configurations

Nvd

Node

pete_wernerlogin_ldapMatch3.1

pete_wernerlogin_ldapMatch3.2

VendorProductVersionCPE
pete_wernerlogin_ldap3.1cpe:2.3:a:pete_werner:login_ldap:3.1:*:*:*:*:*:*:*
pete_wernerlogin_ldap3.2cpe:2.3:a:pete_werner:login_ldap:3.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pete_werner	login_ldap	3.1	cpe:2.3:a:pete_werner:login_ldap:3.1:::::::*
pete_werner	login_ldap	3.2	cpe:2.3:a:pete_werner:login_ldap:3.2:::::::*

References

archives.neohapsis.com/archives/bugtraq/2003-02/0244.html

www.securityfocus.com/bid/6903

exchange.xforce.ibmcloud.com/vulnerabilities/11374

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.011

Percentile

84.6%

JSON

Related for CVE-2003-1434