CVE-2016-6496

CVE-2016-6496 affects Atlassian Crowd LDAP entry handling. The LDAP directory connector is vulnerable to LDAP Java object injection: an attacker can cause remote code execution by sending a crafted serialized Java object in an LDAP attribute. Affected versions are all Crowd 1.4.1 to 2.8.7 (and 2....

CVE-2016-6496

The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning...

Atlassian Crowd LDAP Java Object Injection Vulnerability (CWD-4790)

Atlassian Crowd is prone to a LDAP Java object injection vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVE-2016-6496: LDAP Java Object Injection in Crowd

The Crowd LDAP directory connector allowed an attacker to gain remote code execution in Crowd by injecting malicious attributes in LDAP entries. To exploit this issue, attackers need to modify an entry in your LDAP directory or successfully execute a Man-in-The-Middle attack between an LDAP serve...