
42 matches found

CNNVD
added 2024/12/04 12:0 a.m. · 1 view

VMware Tanzu Spring LDAP Security Vulnerability

VMware Tanzu Spring LDAP is a library from VMware that simplifies LDAP programming in Java. A security vulnerability exists in VMware Tanzu Spring LDAP that originates from allowing data to be exposed in case-sensitive comparisons...

CVSS 3.7 · AI score 5.8 · EPSS 0.00132
Exploits 0 · References 2
Positive Technologies
added 2024/11/19 12:0 a.m. · 3 views

PT-2024-9997 · Spring +1 · Spring Ldap +1

Name of the Vulnerable Software and Affected Versions: Spring LDAP versions 2.4.0 through 2.4.3; Spring LDAP versions 3.0.0 through 3.2.7. Description: The issue is related to insufficient case sensitivity checking in the String.toLowerCase and String.toUpperCase functions of the Spring LDAP projec...

CVSS 6.3 · AI score 9 · EPSS 0.00132
Exploits 0 · References 19
Spring Engineering
added 2024/11/19 12:0 a.m. · 29 views

This Week in Spring - November 19th, 2024

Hi, Spring fans! How are you? Can you believe we're already staring at the end of the month? It's that time of the year when we see new releases, and the new releases reflect that frenzy! Soon: Spring Boot 3.4.0! Are you updated? Make sure you're updated! Remember: Spring projects leave open sour...

CVSS 5.3 · AI score 6.8 · EPSS 0.00076
Exploits 0
Spring Engineering
added 2024/02/28 12:0 a.m. · 28 views

This Week in Spring - February 27th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring wherein we explore the latest-and-greatest in the wonderful world of Springdom. This week's going to be a very good one, so let's dive right into it! Good news everyone! Spring Boot's been updated! 3.3.0-M2, 3.2.3, and 3.1.9 a...

AI score 7
Exploits 0
OSV
added 2022/12/05 3:30 p.m. · 0 views

GHSA-W66J-XC7R-M2JV camel-ldap component allows LDAP Injection when using the filter option

The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component which is not affected or upgrade to 3.14.6 or 3.18.4...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 4
Github Security Blog
added 2022/12/05 3:30 p.m. · 15 views

camel-ldap component allows LDAP Injection when using the filter option

The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component which is not affected or upgrade to 3.14.6 or 3.18.4...

AI score 9.3
Exploits 0 · References 4 · Affected Software 1
vulnersOsv
added 2022/05/13 1:12 a.m. · 1 view

be.dnsbelgium:rdap-server (>=0.3.3 <=1.1.0), com.ahome-it:ahome-tooling-server-core (>=1.0.83-RC1 <=1.1.36-RELEASE) +556 more potentially affected by CVE-2017-8028 via org.springframework.ldap:spring-ldap-core (>=1.3.0.RELEASE <=2.3.1.RELEASE)

org.springframework.ldap:spring-ldap-core MAVEN version =1.3.0.RELEASE, =0.3.3, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.1.0-RELEASE, =1.0.83-RC1, =1.0.83-RC1, =3.1.0, =3.1.0, =3.1.3, =3.1.3, =3.1.8 - com.capitalone.dashboard:jira-feature-collector =3.1.3 -...

CVSS 8.1 · AI score 7.2 · EPSS 0.01415
Exploits 0
Github Security Blog
added 2022/05/13 1:12 a.m. · 23 views

Improper Authentication in Pivotal Spring-LDAP

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

CVSS 8.1 · AI score 5 · EPSS 0.01415
Exploits 0 · References 8 · Affected Software 1
OSV
added 2022/05/13 1:12 a.m. · 43 views

GHSA-PJQH-2JCC-5J84 Improper Authentication in Pivotal Spring-LDAP

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

CVSS 8.1 · AI score 8.1 · EPSS 0.01415
Exploits 0 · References 8
OpenVAS
added 2022/01/28 12:0 a.m. · 20 views

Mageia: Security Advisory (MGASA-2018-0235)

The remote host is missing an update for the...

CVSS 8.1 · AI score 8.1 · EPSS 0.01415
Exploits 0 · References 4
OSV
added 2018/05/16 8:24 a.m. · 6 views

MGASA-2018-0235 Updated spring-ldap packages fix security vulnerability

It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password (CVE-2017-8028)...

CVSS 8.1 · AI score 8 · EPSS 0.01415
Exploits 0 · References 3
Mageia
added 2018/05/16 8:24 a.m. · 39 views

Updated spring-ldap packages fix security vulnerability

It was discovered that spring-ldap would under some circumstances allow authentication with a correct username but an arbitrary password (CVE-2017-8028)...

CVSS 8.1 · AI score 3 · EPSS 0.01415
Exploits 0 · References 2
RedHat Linux
added 2018/02/14 7:29 p.m. · 3 views

spring-ldap: Authentication with userSearch and STARTTLS allows authentication with arbitrary password

A vulnerability was found in spring-ldap that allows an attacker to authenticate with an arbitrary password. When spring-ldap connected to some LDAP servers, when no additional attributes are bound, when using LDAP BindAuthenticator with...

CVSS 8.1 · AI score 7.4 · EPSS 0.01415
Exploits 0 · References 4
Prion
added 2017/11/27 10:29 a.m. · 14 views

Authentication flaw

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

CVSS 5.1 · AI score 8.2 · EPSS 0.01415
Exploits 0 · References 5 · Affected Software 2
OSV
added 2017/11/27 10:29 a.m. · 2 views

CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

CVSS 8.1 · AI score 5.7 · EPSS 0.01415
Exploits 0 · References 5
NVD
added 2017/11/27 10:29 a.m. · 27 views

CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

CVSS 8.1 · AI score 8.3 · EPSS 0.01415
Exploits 0 · References 5
OSV
added 2017/11/27 10:29 a.m. · 0 views

UBUNTU-CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

CVSS 8.1 · AI score 7.4 · EPSS 0.01415
Exploits 0 · References 4
UbuntuCve
added 2017/11/27 10:29 a.m. · 27 views

CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

CVSS 8.1 · AI score 7.2 · EPSS 0.01415
Exploits 0 · References 3
CVE
added 2017/11/27 10:0 a.m. · 103 views

CVE-2017-8028

In CVE-2017-8028, Pivotal Spring-LDAP (versions 1.3.0–2.3.1) may authenticate with an arbitrary password when the username is correct if using LDAP BindAuthenticator with DefaultTlsDirContextAuthenticationStrategy and certain LDAP servers, due to LDAP bind not taking effect without an explicit op...

CVSS 8.1 · AI score 8.1 · EPSS 0.01415
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2017/11/27 10:0 a.m. · 32 views

CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

AI score 8.2 · EPSS 0.01415
Exploits 0 · References 5