10 matches found
LDAP Injection
Overview: Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...
Amazon Linux 2023 : bouncycastle, bouncycastle-javadoc, bouncycastle-mail (ALAS2023-2023-280)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-280 advisory. A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence o...
CVE-2023-33201
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject...
PT-2023-4874
Name of the Vulnerable Software and Affected Versions: Bouncy Castle For Java versions prior to 1.74. Description: The issue is related to an LDAP injection vulnerability in Bouncy Castle For Java. It affects applications that use an LDAP CertStore to validate X.509 certificates. During certificate...
SUSE CVE-2023-33201
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject...
OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers...
OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers...
OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers...
openSUSE Security Update : mozilla-nss (openSUSE-SU-2013:1868-1)
This update fixes the following security issue with mozilla-nss: - update to 3.15.3.1 bnc854367 - includes certstore update 1.95 bmo946351 explicitly distrust AC DG Tresor SSL - adapt specfile to ppc64le
Mozilla updates 2013/12 (important)
This patch contains mozilla-nss 3.15.3.1 which includes a certstore update 1.95 to explicitly revoke AC DG Tresor SSL intermediate CA which was misused. Firefox 24.2esr, Thunderbird 24.2, Seamonkey 2.23. These updates fix several security issues: CVE-2013-5611 Mozilla: Application Installation...