apache-ldap-api is vulnerable to information disclosure through a race condition. The vulnerability exists as it is possible for another thread to use the connection before it is secured by TLS, caused by the weak setup of SSL Filter. This could potentially expose sensitive information such as password.