Lucene search

[email protected]CVE-2014-9217

HistoryDec 08, 2014 - 11:59 a.m.

CVE-2014-9217

2014-12-0811:59:10

CWE-287

[email protected]

web.nvd.nist.gov

cve-2014-9217

graylog2

ldap

authentication

bypass

vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.

Affected configurations

NVD

Node

torch_gmbhgraylog2Range≤0.91.3

CPENameOperatorVersion
torch_gmbh:graylog2torch gmbh graylog2le0.91.3

CPE	Name	Operator	Version
torch_gmbh:graylog2	torch gmbh graylog2	le	0.91.3

References

seclists.org/oss-sec/2014/q4/1130

www.graylog2.org/news/post/0010-graylog2-v0-92

exchange.xforce.ibmcloud.com/vulnerabilities/99571

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.5%

JSON

Related for CVE-2014-9217

nessus1 cvelist1 prion1 nvd1