Vulnerability Description
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Groovy Ldap | All versions |
Related Weaknesses (CWE)
References
- http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/javaMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/95929Third Party AdvisoryVDB Entry
- https://mail-archives.apache.org/mod_mbox/directory-users/201610.mbox/%3Cb7d7e90Mailing ListThird Party Advisory
- https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDTechnical DescriptionThird Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch
- http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/javaMailing ListThird Party Advisory
- http://www.securityfocus.com/bid/95929Third Party AdvisoryVDB Entry
- https://mail-archives.apache.org/mod_mbox/directory-users/201610.mbox/%3Cb7d7e90Mailing ListThird Party Advisory
- https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDTechnical DescriptionThird Party Advisory
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch
FAQ
What is CVE-2016-6497?
CVE-2016-6497 is a vulnerability with a CVSS score of 7.5 (HIGH). main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search...
How severe is CVE-2016-6497?
CVE-2016-6497 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6497?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Groovy Ldap.