Back to search
CVE-2018-1337
Published: Jul 10, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Directory | affected LDAP API prior to 1.0.2 |
References
104744
vdb-entry
x_refsource_BID
[directory-dev] 20180710 [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel
mailing-list
x_refsource_MLIST
[kafka-jira] 20200818 [jira] [Assigned] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337
mailing-list
x_refsource_MLIST
[kafka-dev] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337
mailing-list
x_refsource_MLIST
[kafka-jira] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337
mailing-list
x_refsource_MLIST
[kafka-jira] 20200819 [jira] [Updated] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337
mailing-list
x_refsource_MLIST
[kafka-jira] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337
mailing-list
x_refsource_MLIST
[kafka-dev] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now