4 matches found
K03863974: Apache LDAP vulnerability CVE-2018-1337
Security Advisory Description In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to...
Security Bulletin: IBM Security Verify Information Queue uses Apache LDAP API with a known vulnerability (CVE-2018-1337)
Summary IBM Security Verify Information Queue ISIQ v10.0.2 uses an older version of the Apache Directory LDAP API that is vulnerable to leaking sensitive information. ISIQ v10.0.3 upgraded to a newer Apache LDAP API that does not have the vulnerability. Vulnerability Details CVEID: CVE-2018-1337...
CVE-2018-1337
CVE-2018-1337 affects Apache Directory LDAP API prior to 1.0.2. Root cause: a flaw in the SSL Filter setup allows a thread to reuse a connection before TLS is established, potentially leaking data from a request (including credentials from BIND) when a connection is pulled from the pool. Impact: ...
CVE-2018-1337
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any informati...