11 matches found
bouncycastle: potential blind LDAP injection attack using a self-signed certificate
A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to information disclosure. This could allow a malicious user to obtain...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Bouncy Castle Crypto Package for Java
Summary: Multiple vulnerabilities in Bouncy Castle Crypto Package for Java used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2023-33201. DESCRIPTION: The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive...
Security Bulletin: Vulnerability with bcprov-jdk affect IBM Cloud Object Storage Systems (Sept2023)
Summary: Vulnerability with bcprov-jdk (CVE-2023-33201). This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details: CVEID: CVE-2023-33201. DESCRIPTION: The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused...
Security Bulletin: App Connect Professional is affected by Bouncy Castle vulnerability.
Summary: App Connect Professional has addressed the following vulnerability reported in Bouncy Castle. Vulnerability Details: CVEID: CVE-2023-33201. DESCRIPTION: The Bouncy Castle Crypto Package For Java (bc-java) could allow a remote attacker to obtain sensitive information, caused by not validating...
Bouncy Castle For Java LDAP injection vulnerability
Bouncy Castle provides the X509LDAPCertStoreSpi.java class which can be used in conjunction with the CertPath API for validating certificate paths. Pre-1.73 the implementation did not check the X.500 name of any certificate, subject, or issuer being passed in for LDAP wild cards, meaning the...
Novell eDirectory HTTP Request Content-Length Heap Buffer Overflow (CVE-2008-4478)
Novell eDirectory is an X.500 and LDAP compatible directory server intended for use as a part of an identity management solution. The product is made available for multiple platforms including NetWare, Unix-like systems, and Windows. There exists a heap buffer overflow vulnerability in Novell...
Novell eDirectory Management Console Accept-Language Buffer Overflow (CVE-2009-0192)
Novell eDirectory is an X.500 and LDAP compatible directory service software product. It is developed by Novell, Inc. for centrally managing access to resources on multiple servers and computers within a given network. The product is made available for multiple platforms including NetWare,...
Solaris 7 (sparc) : 119423-01
SunOS 5.7: X.500 Directory fnctxx500.so.1 Patch. Date this patch was last updated by Sun : May/05/05 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. if !...
Solaris 7 (x86) : 119424-01
SunOS 5.7x86: X.500 Directory fnctxx500.so.1 Patch. Date this patch was last updated by Sun : May/05/05 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/10/24. C Tenable Network Security, Inc. i...
CVE-2005-1518
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/x500...
CVE-2005-1518
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/x500...