Search criteria
4 vulnerabilities found for directory_ldap_api by apache
CVE-2018-1337 (GCVE-0-2018-1337)
Vulnerability from nvd – Published: 2018-07-10 13:00 – Updated: 2024-09-17 01:12
VLAI?
Summary
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).
Severity ?
No CVSS data available.
CWE
- Plaintext Password Disclosure in Secured Channel
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Directory |
Affected:
LDAP API prior to 1.0.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104744"
},
{
"name": "[directory-dev] 20180710 [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f%40%3Cdev.directory.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Assigned] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1a258430d820a90ff9d4558319296cc517ff2252327d7b3546d16749%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r56b304fb9960c869995efbb31da3b9b7c6d53ee31f7f7048eb80434b%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r55e74532e7f9e84ecfa56b4e0a50a5fe0ba6f7a76880520e4400b0d7%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200819 [jira] [Updated] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4da40aa50cfdb2158898f2bc6df81feec1d42c6a06db6537d5cc0496%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0e645b3f6ca977dc60b7cec231215c59a9471736c2402c1fef5a0616%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1815fb5b0c345f571c740e7a1b48d7477647edd4ffcf9d5321e69446%40%3Cdev.kafka.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Directory",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "LDAP API prior to 1.0.2"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Plaintext Password Disclosure in Secured Channel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T14:06:20",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "104744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104744"
},
{
"name": "[directory-dev] 20180710 [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f%40%3Cdev.directory.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Assigned] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1a258430d820a90ff9d4558319296cc517ff2252327d7b3546d16749%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r56b304fb9960c869995efbb31da3b9b7c6d53ee31f7f7048eb80434b%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r55e74532e7f9e84ecfa56b4e0a50a5fe0ba6f7a76880520e4400b0d7%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200819 [jira] [Updated] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4da40aa50cfdb2158898f2bc6df81feec1d42c6a06db6537d5cc0496%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0e645b3f6ca977dc60b7cec231215c59a9471736c2402c1fef5a0616%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1815fb5b0c345f571c740e7a1b48d7477647edd4ffcf9d5321e69446%40%3Cdev.kafka.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-1337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Directory",
"version": {
"version_data": [
{
"version_value": "LDAP API prior to 1.0.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Plaintext Password Disclosure in Secured Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104744"
},
{
"name": "[directory-dev] 20180710 [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f@%3Cdev.directory.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Assigned] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1a258430d820a90ff9d4558319296cc517ff2252327d7b3546d16749@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r56b304fb9960c869995efbb31da3b9b7c6d53ee31f7f7048eb80434b@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r55e74532e7f9e84ecfa56b4e0a50a5fe0ba6f7a76880520e4400b0d7@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200819 [jira] [Updated] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4da40aa50cfdb2158898f2bc6df81feec1d42c6a06db6537d5cc0496@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0e645b3f6ca977dc60b7cec231215c59a9471736c2402c1fef5a0616@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1815fb5b0c345f571c740e7a1b48d7477647edd4ffcf9d5321e69446@%3Cdev.kafka.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1337",
"datePublished": "2018-07-10T13:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-17T01:12:12.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3250 (GCVE-0-2015-3250)
Vulnerability from nvd – Published: 2017-09-07 13:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150707 Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1241163"
},
{
"name": "[oss-sec] 20150707 [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.apache.org/api/#news_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20150707 Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1241163"
},
{
"name": "[oss-sec] 20150707 [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.apache.org/api/#news_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150707 Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/11"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1241163",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1241163"
},
{
"name": "[oss-sec] 20150707 [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/5"
},
{
"name": "http://directory.apache.org/api/#news_1",
"refsource": "CONFIRM",
"url": "http://directory.apache.org/api/#news_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3250",
"datePublished": "2017-09-07T13:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1337 (GCVE-0-2018-1337)
Vulnerability from cvelistv5 – Published: 2018-07-10 13:00 – Updated: 2024-09-17 01:12
VLAI?
Summary
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).
Severity ?
No CVSS data available.
CWE
- Plaintext Password Disclosure in Secured Channel
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Directory |
Affected:
LDAP API prior to 1.0.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:59:38.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104744"
},
{
"name": "[directory-dev] 20180710 [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f%40%3Cdev.directory.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Assigned] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1a258430d820a90ff9d4558319296cc517ff2252327d7b3546d16749%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r56b304fb9960c869995efbb31da3b9b7c6d53ee31f7f7048eb80434b%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r55e74532e7f9e84ecfa56b4e0a50a5fe0ba6f7a76880520e4400b0d7%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200819 [jira] [Updated] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4da40aa50cfdb2158898f2bc6df81feec1d42c6a06db6537d5cc0496%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0e645b3f6ca977dc60b7cec231215c59a9471736c2402c1fef5a0616%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1815fb5b0c345f571c740e7a1b48d7477647edd4ffcf9d5321e69446%40%3Cdev.kafka.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Directory",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "LDAP API prior to 1.0.2"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Plaintext Password Disclosure in Secured Channel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T14:06:20",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "104744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104744"
},
{
"name": "[directory-dev] 20180710 [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f%40%3Cdev.directory.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Assigned] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1a258430d820a90ff9d4558319296cc517ff2252327d7b3546d16749%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r56b304fb9960c869995efbb31da3b9b7c6d53ee31f7f7048eb80434b%40%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r55e74532e7f9e84ecfa56b4e0a50a5fe0ba6f7a76880520e4400b0d7%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200819 [jira] [Updated] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4da40aa50cfdb2158898f2bc6df81feec1d42c6a06db6537d5cc0496%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0e645b3f6ca977dc60b7cec231215c59a9471736c2402c1fef5a0616%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1815fb5b0c345f571c740e7a1b48d7477647edd4ffcf9d5321e69446%40%3Cdev.kafka.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-1337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Directory",
"version": {
"version_data": [
{
"version_value": "LDAP API prior to 1.0.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Plaintext Password Disclosure in Secured Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104744"
},
{
"name": "[directory-dev] 20180710 [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d66081195e9a02ee7cc20fb243b60467d1419586eed28297d820768f@%3Cdev.directory.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Assigned] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1a258430d820a90ff9d4558319296cc517ff2252327d7b3546d16749@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r56b304fb9960c869995efbb31da3b9b7c6d53ee31f7f7048eb80434b@%3Cdev.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200818 [jira] [Created] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r55e74532e7f9e84ecfa56b4e0a50a5fe0ba6f7a76880520e4400b0d7@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200819 [jira] [Updated] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4da40aa50cfdb2158898f2bc6df81feec1d42c6a06db6537d5cc0496@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-jira] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0e645b3f6ca977dc60b7cec231215c59a9471736c2402c1fef5a0616@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[kafka-dev] 20200824 [jira] [Resolved] (KAFKA-10414) Upgrade api-util dependency - CVE-2018-1337",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1815fb5b0c345f571c740e7a1b48d7477647edd4ffcf9d5321e69446@%3Cdev.kafka.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1337",
"datePublished": "2018-07-10T13:00:00Z",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-09-17T01:12:12.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3250 (GCVE-0-2015-3250)
Vulnerability from cvelistv5 – Published: 2017-09-07 13:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150707 Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/11"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1241163"
},
{
"name": "[oss-sec] 20150707 [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://directory.apache.org/api/#news_1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20150707 Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/11"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1241163"
},
{
"name": "[oss-sec] 20150707 [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://directory.apache.org/api/#news_1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150707 Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/11"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1241163",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1241163"
},
{
"name": "[oss-sec] 20150707 [ANNOUNCE] Apache Directory LDAP API 1.0.0-M31 released",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/07/5"
},
{
"name": "http://directory.apache.org/api/#news_1",
"refsource": "CONFIRM",
"url": "http://directory.apache.org/api/#news_1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3250",
"datePublished": "2017-09-07T13:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}