Back to search
CVE-2016-8750
Published: Feb 19, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Karaf | affected prior to 4.0.8 |
References
RHSA-2018:1322
vendor-advisory
x_refsource_REDHAT
https://karaf.apache.org/security/cve-2016-8750.txt
x_refsource_CONFIRM
103098
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now