Lucene search
K

45 matches found

OSV
OSV
added 2017/11/27 10:29 a.m.4 views

UBUNTU-CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

8.1CVSS7.4AI score0.02606EPSS
Exploits0References4
CVE
CVE
added 2017/11/27 10:0 a.m.108 views

CVE-2017-8028

In CVE-2017-8028, Pivotal Spring-LDAP (versions 1.3.0–2.3.1) may authenticate with an arbitrary password when the username is correct if using LDAP BindAuthenticator with DefaultTlsDirContextAuthenticationStrategy and certain LDAP servers, due to LDAP bind not taking effect without an explicit op...

8.1CVSS8.1AI score0.02606EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2017/11/27 10:0 a.m.36 views

CVE-2017-8028

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...

8.2AI score0.02606EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2017/11/20 12:0 a.m.34 views

Debian DLA-1180-1 : libspring-ldap-java security update

Tobias Schneider discovered that Spring-LDAP would allow authentication with an arbitrary password when the username is correct, no additional attributes are bound and when using LDAP BindAuthenticator with DefaultTlsDirContextAuthenticationStrategy as the authentication strategy and setting...

8.1CVSS7.9AI score0.02606EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2017/11/08 1:52 p.m.29 views

CVE-2017-8028

A vulnerability was found in spring-ldap that allows an attacker to authenticate with an arbitrary password. When spring-ldap connected to some LDAP servers, when no additional attributes are bound, when using LDAP BindAuthenticator with...

8.1CVSS5.6AI score0.02606EPSS
Exploits0References1
Rows per page
Query Builder