19 matches found
CVE-2026-57914
A flaw was found in Apache Kerby. A remote attacker could send a deeply nested Abstract Syntax Notation One ASN.1 structure to an Apache Kerby client or service, triggering a stack overflow exception. This could lead to a denial of service DoS condition, making the service unavailable to legitima...
CVE-2026-57915
A flaw was found in Apache Kerby. An attacker can bypass the Kerberos pre-authentication check by sending a Pre-Authentication Data PA-DATA packet with an unrecognized or unsupported type. This vulnerability allows an attacker to circumvent the initial authentication step, potentially leading to...
EUVD-2026-39650
It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
CVE-2026-57914
By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
CVE-2026-57915 Apache Kerby: Kerberos Pre-Authentication Bypass
It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
CVE-2026-57915
CVE-2026-57915 affects Apache Kerby: Kerberos pre-authentication can be bypassed by sending a PA-DATA with an unrecognized/unsupported type. The issue is enabled by the underlying pre-auth check and is fixed in Apache Kerby version 2.1.2. Reported impact from sources indicates a high-severity con...
EUVD-2026-39648
By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
CVE-2026-57914 Apache Kerby: StackOverflow on parsing deeply nested ASN1 structures
By sending a deeply nested ASN1 structure to a Apache Kerby client or service, it's possible to trigger a StackOverFlow Exception which can lead to denial of service issues. Users are recommended to upgrade to version 2.1.2, which fixes this issue...
Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...
Apache Kerby LDAP Injection Vulnerability
Apache Kerby is a Java Kerberos binding from the Apache Foundation, USA. Provides rich, intuitive, and interoperable implementations, libraries, KDCs, and facilities to integrate PKI, OTP, and tokens OAuth2 as needed for modern environments such as cloud, Hadoop, and mobile. An LDAP injection...
Apache Kerby LdapIdentityBackend LDAP Injection vulnerability
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3...
GHSA-337F-XR2X-6FCF Apache Kerby LdapIdentityBackend LDAP Injection vulnerability
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3...
CVE-2023-25613
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3...
CVE-2023-25613
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3...
Design/Logic Flaw
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3...
CVE-2023-25613
CVE-2023-25613 is an LDAP injection in Apache Kerby via LdapIdentityBackend. IBM/Cloudera advisories list CVE-2023-25613 among vulnerabilities affecting CDP (e.g., 7.1.9 HF2) and IBM DataStage on Cloud Pak for Data. Remediation provided: upgrade to Cloud Pak for Data 5.0.0+ for DataStage on Cloud...
CVE-2023-25613 LDAP Injection Vulnerability in Apache Kerby
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3...
Apache Kerby 注入漏洞
Apache Kerby is a Java Kerberos binding from the Apache Foundation, USA. Provides rich, intuitive, and interoperable implementations, libraries, KDCs, and facilities to integrate PKI, OTP, and tokens OAuth2 as needed for modern environments such as cloud, Hadoop, and mobile. An LDAP injection...
PT-2023-20194 · Apache · Apache Derby
Name of the Vulnerable Software and Affected Versions: Apache Kerby versions prior to 2.0.3 Description: An LDAP Injection issue exists in the LdapIdentityBackend of Apache Kerby. This allows for potential exploitation. Recommendations: For versions prior to 2.0.3, update to version 2.0.3 or late...