8.1

CVE-2014-3999

The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HordeHorde Ldap SwPlatformhorde Version < 2.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.55% 0.83
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.openwall.com/lists/oss-security/2014/06/14/1
Mailing List
http://www.securityfocus.com/bid/68014
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1109628
Issue Tracking
https://github.com/horde/horde/commit/4c3e18f1724ab39bfef10c189a5b52036a744d55
Patch
https://marc.info/?l=horde-announce&m=140178644816474&w=2
Mailing List