3 matches found
CVE-2018-1337
CVE-2018-1337 affects Apache Directory LDAP API prior to 1.0.2. Root cause: a flaw in the SSL Filter setup allows a thread to reuse a connection before TLS is established, potentially leaking data from a request (including credentials from BIND) when a connection is pulled from the pool. Impact: ...
CVE-2015-3250
CVE-2015-3250 affects the Apache Directory LDAP API prior to 1.0.0-M31. The vulnerability allows timing attacks via unspecified vectors. This is consistently described across multiple sources (GHSA, NVD, OSV, Ubuntu/Debian OSV), though exploitation details and remediation are not provided in the ...
CVE-2026-35563
The CVE-2026-35563 concerns the Apache Directory LDAP API LDAP client (v2.1.7) failing to verify that the server certificate matches the intended LDAP hostname. Root cause: incomplete TLS server identity verification. Impact: potential server impersonation and complete connection compromise over ...