9.8

CVE-2018-1337

EPSS 2.8%
Published 10.07.2018 13:29:00
Last modified 21.11.2024 03:59:39
Source security@apache.org
Teams watchlist Login
Open Login

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).

Affected products Warnungen 0 Metrics 3 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Directory Ldap Api Version < 1.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.8%	0.856

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/104744

Third Party Advisory

VDB Entry

https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f%40%3Cdev.directory.apache.org%3E

https://lists.apache.org/thread.html/r0e645b3f6ca977dc60b7cec231215c59a9471736c2402c1fef5a0616%40%3Cjira.kafka.apache.org%3E

https://lists.apache.org/thread.html/r1815fb5b0c345f571c740e7a1b48d7477647edd4ffcf9d5321e69446%40%3Cdev.kafka.apache.org%3E

https://lists.apache.org/thread.html/r1a258430d820a90ff9d4558319296cc517ff2252327d7b3546d16749%40%3Cjira.kafka.apache.org%3E

https://lists.apache.org/thread.html/r4da40aa50cfdb2158898f2bc6df81feec1d42c6a06db6537d5cc0496%40%3Cjira.kafka.apache.org%3E

https://lists.apache.org/thread.html/r55e74532e7f9e84ecfa56b4e0a50a5fe0ba6f7a76880520e4400b0d7%40%3Cjira.kafka.apache.org%3E

https://lists.apache.org/thread.html/r56b304fb9960c869995efbb31da3b9b7c6d53ee31f7f7048eb80434b%40%3Cdev.kafka.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2018-1337

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1337

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1337

EUVD